Finding vulnerabilities of YaFtp 1.0.14 (a client-side FTP application)

Abstract: In this report we look for vulnerabilities in YaFtp, a client-side FTP application, and suggest mitigations for them. The work follows a fixed plan, which is central to finding the security issues and analysing the program. First we study the problem and gather the information related to the program; information gathering is the most important phase, because it is what makes the problem clear. Next, a model of the application is drawn. Then the possible vulnerabilities are discussed and two attack trees are drawn for YaFtp. Finally, using automated tools as well as manual review, we identify the candidate points that may be vulnerable and investigate each of them. In total, 9 important vulnerabilities were found. The last section of the report gives solutions and suggestions for the developers of the application.

Click here to download the PDF file.

Critical vulnerabilities in my department's website! … are now fixed!

There were some critical vulnerabilities in the website of the Computer Science Department, University of Birmingham.
Addresses of the website:
www.cs.bham.ac.uk
supportweb.cs.bham.ac.uk

I reported them to the computer support section, and all of them have now been fixed.
The vulnerabilities were:
1- Arbitrary file upload (on www: an attacker could upload a PHP file and have the server execute it.)
2- Directory traversal (on www: an attacker could list the server's files and directories and download the web files through the browser.)
3- Local file inclusion (on supportweb: an attacker could use LFI techniques to perform malicious actions.)
4- Critical XSS in the Gate Keeper login (on both: an attacker could steal the usernames and passwords of all users with some simple social engineering.)

Most of these vulnerabilities were in the old part of the website.
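For readers who want to see what closing these four classes of bug looks like in code, here is an added example; it is illustrative code written for this post, not the department's site code, and the function names, the allow-list and the sample inputs are assumptions made for the example. It shows the three server-side checks that address the list above: an upload handler that never stores a client-chosen script name (item 1), a canonicalise-then-contain path check that serves both a download endpoint and a file include (items 2 and 3), and HTML escaping of the value a login page reflects (item 4).

```python
"""Input-handling checks for the vulnerability classes listed above.

Added, illustrative code: not the department's site code. Function names,
the extension allow-list and the sample inputs are assumptions for this example.
"""
import html
import os
import re
from typing import Optional

# Extensions the upload handler may accept. Anything else is rejected, so a
# script (".php", ".phtml", ".php5", ...) never lands in the web root.
ALLOWED_UPLOAD_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# One name segment plus one or more dot-separated suffixes, conservative charset.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}(\.[A-Za-z0-9]{1,8})+$")


def safe_upload_name(client_filename: str) -> Optional[str]:
    """Return the base name to store an upload under, or None to reject it.

    Item 1: the client cannot choose a directory, a hidden name, a name with
    a NUL byte, or any suffix outside the allow-list.
    """
    # Drop any directory part, whether POSIX or Windows separators were used.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not _SAFE_NAME.fullmatch(base):
        return None  # also rejects "", ".htaccess" and names containing NUL
    # Every suffix must be allowed, so "shell.php.jpg" and "x.jpg.php" both fail.
    suffixes = base.lower().split(".")[1:]
    if any(ext not in ALLOWED_UPLOAD_EXTENSIONS for ext in suffixes):
        return None
    return base


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a client-supplied path to a file under root, or None if it escapes.

    Items 2 and 3: a download endpoint and an include() of a user-chosen file
    need the same containment check. The path is canonicalised (".." segments
    and symlinks resolved) before comparison; a plain substring check for ".."
    is easy to get wrong.
    """
    if "\x00" in requested:
        return None  # a NUL would silently truncate the path in C-level open()
    root_real = os.path.realpath(root)
    # Strip leading separators so an absolute client path cannot replace root.
    rel = requested.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root_real, rel))
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


def login_error_html(username: str) -> str:
    """Render a 'login failed' message with the submitted username escaped.

    Item 4: the reflected value is escaped for an HTML text context, so a
    crafted username cannot inject markup or script into the login page.
    """
    return "<p>Login failed for user {}.</p>".format(html.escape(username, quote=True))


if __name__ == "__main__":
    # Constructed sample inputs, not traffic captured from the site.
    for name in ["avatar.png", "shell.php", "shell.php.jpg", "../../shell.php", ".htaccess"]:
        print(f"upload {name!r:20} -> {safe_upload_name(name)}")
    root = "/var/www/html"
    for p in ["images/logo.png", "../../../etc/passwd", "/etc/passwd", "images/../../config.php"]:
        print(f"path   {p!r:26} -> {resolve_under_root(root, p)}")
    print(login_error_html('"><script>alert(document.cookie)</script>'))
```

The upload check deliberately returns the sanitised name only after every suffix passes the allow-list; storing the file under a server-generated name (and outside the document root) would be stronger still, but the point here is that the client never controls which files the web server will execute. The containment check compares canonical paths rather than the client string, which is what makes it reusable for the include case as well as the download case.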

Cheers.