StingRay File Transfer Server XSS
September 15th, 2008
StingRay FTS Cross-Site Scripting Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064368.html
Secunia: http://secunia.com/Advisories/31645/
Product URL: http://www.porthale.co.uk/products/stingray/stingray.htm
As with a lot of XSS and web security advisories, it’s not uncommon to have never heard of the product. The StingRay FTS is a File Transfer Server. You may be asking why I’m writing about XSS exploits, since they are so petty. The reason is that this exploit happens to be on a file server. Now, imagine if there was an XSS exploit on a corporate file server. How hard would it be to gain access? Your simple XSS exploit and minor development oversight have opened up your file server to further information gathering, corporate espionage and further attacks. The StingRay FTS has earned some awards, so it’s worthy of a mention. If you have one, patch it and make sure that the problem did get patched.
Entry Filed under: Server Security