https://www.exploit-db.com/exploits/23307
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-083

FastreamNETFileServer6.0.3.588版本存在跨站脚本(XSS)漏洞。远程攻击者可以通过URL注入任意Web脚本或HTML，该漏洞在”404NotFound”错误网页中被显示。

source: http://www.securityfocus.com/bid/8908/info

It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a "404 Not Found" error message returned to the user due to a request for a URL that does not exist. The error message reportedly contains the bad URL which is not properly sanitized therefore allowing an attacker to a construct a malicious link containing HTML or script code that may be rendered in a user's browser.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

NetFile FTP/Webserver Version 6.0.3.588 has been reported to be prone to this issue, however other versions may be affected as well. 

http://www.example.com/<script>alert("bang")</script>

来源:XF
名称:fastream-nonexistent-url-xss(13535)
链接:http://xforce.iss.net/xforce/xfdb/13535
来源:BID
名称:8908
链接:http://www.securityfocus.com/bid/8908
来源:BUGTRAQ
名称:20031028FastreamNetFileFTP/WebServer6.0CSSVulnerability
链接:http://www.securityfocus.com/archive/1/342678
来源:OSVDB
名称:2732
链接:http://www.osvdb.org/2732
来源:SECTRACK
名称:1008020
链接:http://securitytracker.com/id?1008020
来源:SECUNIA
名称:10099
链接:http://secunia.com/advisories/10099