Title       : FTGateOffice/FTGatePro V1.2 Multiple vulnerabilities
Reported    : dr_insane at pathfinder.gr
Remote      : Yes
Local       : Yes
Class       : Path exposure , Cross site scripting , Validation errors
Severity    : Low
Date        : 2/4/2004
----------------------------------------------------------------


Product Description:
--------------------
FTGate is a professional, award winning family of mail server applications that offer
you exceptional performance, comprehensive features, ease of use and advanced security
features in a cost effective package.FTGateOffice is our most popular mail server, 
offering a quality, feature packed mail server in a cost effective easy to use package.
With a host of advanced features FTGateOffice is suitable for large or small organizations
interested in installing a mail server or replacing their current mail server with a solid
reliable product. Features include: POP3/SMTP/HTTP servers, Web Mail, WebAdmin, Anti-Virus
support, Content Filtering, Attachment Filtering.


Technical Analysis:
-------------------
Some vulnerabilties have been identified in FTGateOffice/FTGatePro V1.2 allowing malicious
people to conduct Cross Site Scripting attacks and gain valuable information about the remote
server.

1)The first vulnerability is a CSS attack that allows an attacker to inject arbitrary HTML code into a web page.
An attacker could guide the victim to a specially crafted URL that, when followed, would send the cookie to the attacker.
With the cookie of a user, an attacker would be able to hijack his account.

https://127.0.0.1/addresses/individual.fts
In the field "Display name" an attacker can insert code.

2) There is also a secondary problem that reveal the server's physical path.The problem exists in the "id" paramatre.
https://[host]/inbox/message.fts?folder=Sent%20Items&id=test


3)The third problem is tha FTGATE handles the folder arguments without any validation

https://127.0.0.1/inbox/index.fts?folder=TEST&index=1



credit:
-------
Vulnerabillity found and tested by dr_insane


______________________________________________________________________________________
https://mobile.pathfinder.gr - Pathfinder Mobile logos & Ringtones! 
https://www.pathfinder.gr - ÄùñåÜí mail áðü ôïí Pathfinder!