SecuriTeam - Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability


mod_proxy_ftp "provides support for the proxying FTP sites. Note that FTP support is currently limited to the GET method." A UTF-7 XSS vulnerability exists in mod_proxy_ftp.c. The charset is not defined, so an XSS attack is possible by using the ";" character in the URL to set the charset to UTF-7.
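The following check is an added example, not code from the advisory or from Apache: it audits (request URL, response Content-Type) pairs for the two conditions described above, an HTML response with no declared charset and a ";" parameter in the URL that names UTF-7. The function names, the sample records and the exact shape of the URL parameter are assumptions made for illustration.

```python
from email.message import Message
from urllib.parse import unquote


def html_charset(content_type):
    """Return (is_html, charset) for a Content-Type header value (or None)."""
    if not content_type:
        return False, None
    msg = Message()
    msg["Content-Type"] = content_type
    # get_content_charset() returns the lower-cased charset parameter, or None.
    return msg.get_content_type() == "text/html", msg.get_content_charset()


def url_names_utf7(url):
    """True if any ';'-delimited part of the percent-decoded URL names UTF-7."""
    params = unquote(url).lower().split(";")[1:]
    return any("utf-7" in p or "utf7" in p for p in params)


def audit(records):
    """Yield findings for constructed (url, content_type) log records."""
    findings = []
    for url, content_type in records:
        is_html, charset = html_charset(content_type)
        if is_html and charset is None:
            # Without a declared charset the browser chooses the encoding.
            findings.append((url, "html-without-charset"))
        if url_names_utf7(url):
            findings.append((url, "utf7-in-url-parameter"))
    return findings


# Constructed sample records (hypothetical host, no real traffic).
SAMPLE = [
    ("ftp://ftp.example.org/pub/", "text/html"),
    ("ftp://ftp.example.org/pub/;type=d", "text/html; charset=ISO-8859-1"),
    ("ftp://ftp.example.org/pub/%3Bcharset=UTF-7", "text/html"),
]

if __name__ == "__main__":
    for url, reason in audit(SAMPLE):
        print(f"{reason}: {url}")
```

A response that declares its charset, as in the second sample record, leaves the browser nothing to infer from the URL.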