Atmail Webmail Client多个HTML代码注入漏洞
Atmail Webmail Client多个HTML代码注入漏洞
发布日期:2012-01-09
更新日期:2012-01-10
受影响系统:
@Mail Atmail Webmail Client 6.3.4
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51313
Atmail是商业化Linux消息传送平台提供者。
Atmail Webmail Client将用户提供的输入用作动态内容之前没有正确过滤,在实现上存在多个HTML注入漏洞,成功利用可允许攻击者在受影响站点的用户浏览器中执行任意HTML和脚本代码,窃取Cookie身份验证凭证或控制站点外观。
<*来源:Benjamin Kunz Mejri
链接:http://seclists.org/fulldisclosure/2012/Jan/94
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Benjamin Kunz Mejri ()提供了如下测试方法:
Code Review: Exception Handling of the Application Service
<div id="primary_content_inner" style="padding: 20px; overflow: auto; height: 100%;">
?????SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual
that
corresponds to your MySQL server version for the right syntax to use near '"><EXECUTION OF MALICIOUS SCRIPT CODE")'
<="" where'="" at="" line="" 1="" <h2="">Application error</h2>
<h3>Exception information:<
/h3>
<p>
<b>Message:<br></b> SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the
right syntax to use near '"><iframe src=a onload=alert("PERSISTENT") < where' at line 1
</p>
<strong>Thrown in:</strong> /usr/local/atmail/webmail/library/Zend/Db/Statement/Pdo.php, Line #:234, Code #: 42000
<h3>Stack trace:</h3>
<pre>#0 /usr/local/atmail/webmail/library/Zend/Db/Statement.php(300):
Zend_Db_Statement_Pdo->_execute(Array)
#1 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Abstract.php(468): Zend_Db_Statement->execute(Array)
#2 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('select
count(id...', Array)
#3 /usr/local/atmail/webmail/library/Zend/Db/Adapter/Abstract.php(799): Zend_Db_Adapter_Pdo_Abstract->query('select
count(id...', Array)
#4/usr/local/atmail/webmail/application/models/api.php(3270): Zend ... ...
Code Review: Adding New User - Userverwaltung or User Registration
<tr>
<td class="contact_field" align="top">
Firstname </td>
<td>
<input class="" maxlength="128" name="UserFirstName" id="UserFirstName"
value="<script>EXECUTION OF MALICIOUS SCRIPT CODE)</script>">
</td>
</tr>
<tr>
<td class="contact_field" align="top">
Lastname </td>
<td>
<input class="default" maxlength="128" name="UserLastName" id="UserLastName" value="Last Name">
</td>
</tr>
Code Review: Mass Mail - Output
<td class="label">Filter by domain:</td>
<td class="filterinput">
<input name="aliasFilter" id="aliasFilter" class="panelFilter" value=""
<script>EXECUTION OF MALICIOUS SCRIPT CODE)</script>" type="text">
<small>Specify a domain or email to filter results</small>
</td>
<td class="filterdomain">
</td>
</tr>
</tbody></table>
建议:
--------------------------------------------------------------------------------
厂商补丁:
@Mail
-----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.securityfocus.com/bid/51313/www.atmail.com
评论暂时关闭