weirdturnedpro

asked on 

XSS Issue on FTP Site

An FTP server that we've been using has popped up on a security audit; I'm not expertly versed in anything other than extremely rudimentary HTML. I was able to get some basic information on what I should be looking for, but I'm just not seeing it.

Below is the HTML code for the site. We use Rumpus FTP server for the site. Any help finding what's wrong with the HTML is greatly appreciated.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link href="/wfm.css" rel="stylesheet" type="text/css" />
<title><WEBFILES_VAR Title></title>
</head>
 
<body>
<WEBFILES_HEADER_CSS>
<WEBFILES_BAD_PASSWORD><p>Login Failed</p><p>Please carefully enter your account name and password again.</p></WEBFILES_BAD_PASSWORD>
 
<form method="post" action="/Rumpus.clogin" name="Login">
<WEBFILES_DOMAIN_SELECTOR>
	<input type="hidden" name="RumpusDestURL" value="<WEBFILES_DESTINATION_URL>">
	<div class="InfoBox">
		<div class="BoxHeader">Secure Login</div>
		<div class="BoxContent">
			<p><table class="Minimal">
				<tr><td class="LabelCell">Username:</td><td class="FieldCell"><input type="text" name="RumpusLoginUserName" value="" size="20" maxlength="60"></TD></TR>
				<tr><td class="LabelCell">Password:</td><td class="FieldCell"><input type="password" name="RumpusLoginPassword" value="" size="20" maxlength="60"></TD></TR>
			</table></p>
			<p><input type="submit" value="Log In"></p>
			<WEBFILES_SEND_PASSWORDS><a href="/ForgotPassword">Forgot Your Password?</a></WEBFILES_SEND_PASSWORDS>
		</div>
	</div>
</form>
 
<WEBFILES_ANONYMOUS_WITH_ANY>
<br />
<form method="post" action="/Rumpus.clogin" name="AnyLogin">
	<input type="hidden" name="RumpusDestURL" value="<WEBFILES_DESTINATION_URL>">
	<input type="hidden" name="RumpusLoginUserName" value="ANONYMOUS">
	<div class="InfoBox">
		<div class="BoxHeader">Anonymous Login</div>
		<div class="BoxContent">
			<p>Public access to this server is also available.  To continue without supplying a secure username and password, you may login anonymously.</p>
			<p><input type="submit" value="Anonymous Login"></p>
		</div>
	</div>
</form>
</WEBFILES_ANONYMOUS_WITH_ANY>
 
<WEBFILES_ANONYMOUS_WITH_EMAIL>
<br />
<form method="post" action="/Rumpus.clogin" name="EMailLogin">
	<input type="hidden" name="RumpusDestURL" value="<WEBFILES_DESTINATION_URL>">
	<input type="hidden" name="RumpusLoginUserName" value="ANONYMOUS">
	<div class="InfoBox">
		<div class="BoxHeader">Anonymous Login</div>
		<div class="BoxContent">
			<p>Public access to this server is also available.  To continue without supplying a secure username and password, please enter your e-mail address.</p>
			<p>E-Mail: <input type="text" name="RumpusLoginPassword" value="" size="24" maxlength="60"></p>
			<p><input type="submit" value="Anonymous Login"></p>
		</div>
	</div>
</form>
</WEBFILES_ANONYMOUS_WITH_EMAIL>
 
<script language='javascript'>document.Login.RumpusLoginUserName.focus();</script>
 
</body>
</html>


Web Languages and Standards

Last Comment
weirdturnedpro

8/22/2022 - Mon