Opened 3 years ago

Closed 3 years ago

#10785 closed Bug report (fixed)

Application Vulnerability

Reported by: CyberGorkhas
Owned by:
Priority: critical
Component: FileZilla Client
Keywords:
Cc:
Component version:
Operating system type: Windows
Operating system version:

Description

There seems to be a security issue in your FileZilla application. We need to connect with security/developer personnel to disclose this vuln. Please reply ASAP.

Change History (4)

comment:1 Changed 3 years ago by Tim Kosse

Status: new → moreinfo

Please send an email to tim.kosse@…

comment:2 Changed 3 years ago by CyberGorkhas

Status: moreinfo → new

Done, can you check the email?

comment:3 Changed 3 years ago by Tim Kosse

As received via mail:

So today, I was testing some applications for common vulnerabilities and discovered that the FileZilla client application for Windows was suffering from a DLL hijack vulnerability. Due to this vulnerability, a hacker can use a malicious DLL to replace the DLL that comes with the installation. The FileZilla client will install with no corruption; however, due to the use of the malicious DLL, the hacker can get access to the user's confidential information. You can learn more about DLL hijacking at this link. Attached is also the picture where I used a harmless DLL that informs me if an application is vulnerable to DLL hijacking.

https://textplain.wordpress.com/2015/12/18/dll-hijacking-just-wont-die/

Thank you,
Rojan Rijal (Skelor)

comment:4 Changed 3 years ago by Tim Kosse

Resolution: fixed
Status: new → closed

Fixed in 3.16.1
