
FTGate Pro - Multiple Vulnerabilities

Description

"FTGate is a professional, award-winning family of mail server applications that offer you exceptional performance, comprehensive features, ease of use and advanced security features in a cost effective package."

More information at http://www.floosietek.com

Summary

Product: FTGate Pro
Severity:
Vendor: Floosietek
Identifier: N/A
Affected Versions: FTGate Pro 1.2, build 1231
Tested Platform: Windows 2000, Windows XP Professional
Impact: Information Disclosure, Username and Password exposures

Detail

[Vulnerability #1] Information Disclosure

When executed, the script http://victim.com:8080/tools/edomain.fts dumps the FTGate configuration into a file so that you can send it to the FTGate support team should you encounter any problem with the software. Unfortunately, access to the script itself is not restricted, so it can be executed arbitrarily by anyone with direct access.

Various information about the FTGate server is dumped to a file named ftgate_dump.txt located in the c:\Program files\FTGate\ directory. Although you cannot access and download the dump file directly, you can still view it with the help of the ftgetfile.fts script. Simply appending it to the command parameter of the script will do the trick, for example http://www.victim.com:8080/tools/ftgetfile.fts?command=1.

[Vulnerability #2] FTGate Pro Username and Password exposures

The script exportpw.fts does exactly what it says, "exports the mailboxes for a domain to a text file", and it suffers the same problem as the ftgetdump.fts script, which allows anyone with direct access to the FTGate administration to retrieve all user passwords. The export is written in CSV format to a file in the FTGate program directory. Note that the "Export Password" option must be checked before exporting the mailboxes.

The exportpw.fts script does not have an option to view the file like ftgetdump.fts does, but you can get around that by having the exportpw.fts script export to a file named "ftgate_dump.txt" and then using the ftgetdump.fts script to view the file. Alternatively, you can export it to the FTGate file help or user directory and download it from there if you wish. There you have it folks!
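The root cause of both issues is that the administrative .fts scripts under /tools/ are served without any authentication check. Until the vendor fix is applied, the most useful thing an operator can do is look for evidence that these scripts were reached by unauthenticated clients. The following is an added example, not part of this advisory and not FTGate code: it scans web-server access log lines in Common Log Format (an assumption; FTGate's actual log format is not described here) and flags successful, unauthenticated hits on the script paths named above. The log lines are constructed for the example.

```python
"""Flag unauthenticated, successful requests to the FTGate administrative
scripts named in the advisory.  Added example; not FTGate's own code.
Assumes the web server logs in Common Log Format (CLF)."""
import re
from collections import Counter

# Script paths taken from the advisory.  None of these should be reachable
# without an authenticated administrator session.
SENSITIVE_SCRIPTS = {
    "/tools/edomain.fts",
    "/tools/ftgetfile.fts",
    "/tools/ftgetdump.fts",
    "/tools/exportpw.fts",
}

# CLF: host ident authuser [date] "METHOD target PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = path.lower()      # normalise case before matching
    rec["query"] = query            # e.g. "command=1"
    rec["status"] = int(rec["status"])
    return rec


def is_suspicious(rec):
    """A sensitive script served with a 2xx status to a client that
    presented no HTTP authuser ("-") is the pattern the advisory describes."""
    return (rec["path"] in SENSITIVE_SCRIPTS
            and rec["user"] == "-"
            and 200 <= rec["status"] < 300)


def scan(lines):
    """Return the parsed records that match the suspicious pattern."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count hits per (client host, script path) for a quick triage view."""
    return Counter((h["host"], h["path"]) for h in hits)


# Constructed sample log: two unauthenticated successes from one client,
# one authenticated admin request, one denied request, one unrelated page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2003:13:55:36 +0000] "GET /tools/edomain.fts HTTP/1.0" 200 512
203.0.113.5 - - [10/Oct/2003:13:55:40 +0000] "GET /tools/ftgetdump.fts?command=1 HTTP/1.0" 200 40960
192.0.2.10 - admin [10/Oct/2003:14:01:02 +0000] "GET /tools/exportpw.fts HTTP/1.0" 200 1024
203.0.113.5 - - [10/Oct/2003:14:05:00 +0000] "GET /tools/exportpw.fts HTTP/1.0" 403 0
198.51.100.7 - - [10/Oct/2003:14:10:00 +0000] "GET /index.html HTTP/1.0" 200 2048
"""

if __name__ == "__main__":
    for (host, path), n in summarize(scan(SAMPLE_LOG.splitlines())).items():
        print(f"{host} reached {path} without authentication {n} time(s)")
```

The authenticated admin request and the 403 are deliberately left out of the results: the signal worth paging on is a sensitive script that actually returned content to a client with no credentials. If the server's log format differs, only CLF_RE needs to change; the path allowlist and the decision in is_suspicious stay the same.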

Proof of Concept

[Vulnerability #1] Information Disclosure

Various information about the FTGate server is dumped to a file named ftgate_dump.txt located in the c:\Program files\FTGate\ directory. Although you cannot access and download the dump file directly, you can still view it with the help of the ftgetdump.fts script. Simply appending it to the command parameter of the script will do the trick, for example http://www.victim.com:8080/tools/ftgetdump.fts?command=1.

Vendor Status

Vendor has verified and released a patch that addresses the issues. You can download the patch/fixed version at: http://www.floosietek.com/files/ftgate12.exe

Disclosure Timeline

N/A

Credit

Phuong Nguyen (ECQ)

Appendix

N/A

References

N/A