Open Ticket Request System (OTRS) index.php 多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109279 漏洞类型 SQL注入
发布时间 2005-11-22 更新时间 2005-11-30
CVE编号 CVE-2005-3893 CNNVD-ID CNNVD-200511-453
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/26550
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-453
|漏洞详情
OpenTRS是一款免费的开源的订票系统,它具有电子邮件、电话等接口功能。OpenTicketRequestSystem(OTRS)1.0.0至1.3.2及2.0.0至2.0.3的index.php存在多个SQL注入漏洞,可让远程攻击者通过(1)Login操作中的user参数,以及通过AgentTicketPlain操作的(2)TicketID和(3)ArticleID参数远程认证的用户,执行任意SQL命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/15537/info

OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities. 

http://www.example.com/index.pl?Action=Login&User=%27[SQL_HERE]
|参考资料

来源:BID
名称:15537
链接:http://www.securityfocus.com/bid/15537/
来源:SECUNIA
名称:17685
链接:http://secunia.com/advisories/17685/
来源:otrs.org
链接:http://otrs.org/advisory/OSA-2005-01-en/
来源:MISC
链接:http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
来源:BUGTRAQ
名称:20051122OTRS1.x/2.xMultipleSecurityIssues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=113272360804853&w=2
来源:XF
名称:otrs-agentticketplain-sql-injection(23354)
链接:http://xforce.iss.net/xforce/xfdb/23354
来源:XF
名称:otrs-login-sql-injection(23352)
链接:http://xforce.iss.net/xforce/xfdb/23352
来源:OSVDB
名称:21065
链接:http://www.osvdb.org/21065
来源:OSVDB
名称:21064
链接:http://www.osvdb.org/21064
来源:SUSE
名称:SUSE-SR:2005:030
链接:http://www.novell.com/linux/security/advisories/2005_30_sr.html
来源:VUPEN
名称:ADV-2005-2535
链接:http://www.frsirt.com/english/advisories/2005/2535
来源:DEBIAN
名称:DSA-973
链接:http://www.debian.org/security/2006/dsa-973
来源:SECTRACK
名称:1015262
链接:http://securitytracker.com/id?1015262
来源:SECUNIA
名称:18887
链接:http://secunia.com/advisories/188