Sometimes when pen-testing a large network you come across a few exposed web hosts running out-of-the-box software. When the rest of the test runs a little dry, I start attacking these hosts in hopes of finding some undiscovered vulnerabilities. In this example, I found a small yet interesting vulnerability within the SolarWinds Serv-U FTP Server. Although the initial vector requires authentication, a low-privileged user is able to create a publicly accessible URL that triggers an XSS payload when visited.

Serv-U contains two features to send and receive files from others. When testing the 'Request Files' feature I noticed that the Sender Email input was not being encoded when placed in a publicly accessible share URL. This meant a discreet share URL could be sent to a victim. The following steps were tested on version 15.2.3: the host I was originally testing was running an older version, so I downloaded a trial version to see if the issue was still applicable.

Once authenticated, a user can go to the 'Request Files' tab to generate a file request URL. Using dummy data and sending the request shows a publicly shareable URL.

Checking the generated URL shows a file upload form. Files uploaded here will be sent back to the link creator's Serv-U folder.

Now, if we modify the original link generation request and include an XSS payload such as `"'/>alert(7)%3b%40localhost.local` in the 'SenderEmail' field, and then grab the 'ShareURL' from the response, we get XSS on the publicly shareable URL.

I thought of different ways that this could be weaponized, although it seemed that certain application flows prevented the interesting cookie stealing or CSRF fun that might happen when the URL is sent to a logged-in Serv-U user. Unfortunately, the web application, for one reason or another, does not actually load the shareable links when a user is already logged in. BUT I figured I wouldn't leave you empty-handed.

The next best thing I could think of was a man-in-the-middle attack, intercepting uploaded files and sending them to a 3rd-party server without altering the view of the page. The idea here is that perhaps during a Red Team or other social engineering event, access to a Serv-U account could serve well, as the URLs will be on a trusted domain.

It took a little bit of tweaking to get the files to upload correctly to Serv-U and be sent off at the same time, due to the async Ajax calls being used. The script:

- Grabbed the current CSRF token from the page.
- Re-wrote the 'SubmitForm' function to post to an external host instead.
- Called an Ajax method to POST the files to the original Serv-U host to ensure the original promise is met.

The script can simply be hosted and then injected via XSS using tags.

`var csrftoken = $('script').text().match(/(&CsrfToken='\+")(.`

Secure File Transfer using FTPS (over SSL/TLS)

Serv-U FTP Server supports the secure FTPS protocol for file transfers. You can encrypt files using the SSL or TLS cryptographic protocol, and safely and securely exchange files with your business partners. When transferring files using FTPS, SSL/TLS protects the data in transit, and confidential information is protected from tampering, snooping, leakage, or accidental exposure.

Quick & Easy File Transfer from Web Browsers & Mobile Devices

From intuitive Web client and mobile device interfaces, you can easily view, upload, and download documents in no time. With an interactive drag-and-drop file transfer option, your end-users can exchange files from anywhere on-the-fly.

Large File Transfer (>3GB) & Multiple File Transfers

Transfer large files (>3GB) with the help of a free, built-in Web plug-in called "Web Client Pro." This plug-in also allows you to upload/download multiple files at once. Web Client Pro also provides a transfer queue to pause or resume active file transfers and ask for confirmation before file overwrite.

Easy File Transfer Administration & Management

Perform file transfer administration and management from a single, easy-to-use management console. This includes real-time session monitoring and file transfer statistics, granular control over bandwidth, storage, permissions and access, access to virtual folders for local storage, remote shares, transfer ratio and quota management for end-users, and more.

Monitor FTP Server Logs for Troubleshooting & Error-Handling
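As an added example (my own code, not the author's script and not anything from Serv-U), the 'SenderEmail' encoding defect described in the writeup above and its hardened form side by side: a hypothetical share-page snippet that echoes the sender address into an HTML attribute, once without encoding and once with attribute-safe encoding plus a strict address check, fed the payload quoted in the post. The template, the function names and the sample addresses are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample inputs: a legitimate sender address and the URL-encoded
# payload quoted in the post, as each would arrive in the 'SenderEmail' field.
BENIGN_EMAIL = "alice@example.com"
PAYLOAD_ENCODED = "\"'/>alert(7)%3b%40localhost.local"

# Hypothetical template standing in for wherever the share page echoes the
# sender's address; the real Serv-U markup is not shown in the post.
TEMPLATE = '<input type="hidden" name="sender" value="{email}"/>'


def render_unsafe(sender_email: str) -> str:
    """Reproduce the defect: the decoded value lands in the attribute as-is."""
    return TEMPLATE.format(email=unquote(sender_email))


def render_safe(sender_email: str) -> str:
    """Hardened form: html.escape(quote=True) encodes & < > " and ', so the
    value can no longer terminate the attribute or the element."""
    return TEMPLATE.format(email=html.escape(unquote(sender_email), quote=True))


# Conservative address check to apply before the value is ever stored; quotes,
# angle brackets, slashes and whitespace are rejected outright.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_valid_sender_email(sender_email: str) -> bool:
    return _EMAIL_RE.fullmatch(unquote(sender_email)) is not None


def element_closed_early(rendered: str) -> bool:
    """True when the value closed the element itself: more than one '>' in
    what should be a single self-closing input tag."""
    return rendered.count(">") > 1


if __name__ == "__main__":
    for label, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = fn(PAYLOAD_ENCODED)
        print(f"{label}: {out}  closed_early={element_closed_early(out)}")
    print("payload passes validation:", is_valid_sender_email(PAYLOAD_ENCODED))
```

Validation on the way in and encoding on the way out are independent layers; the encoded output is what keeps the share page safe even if a later code path bypasses the check.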