Open Ticket Request System (OTRS) index.pl 多个跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109280 漏洞类型 跨站脚本
发布时间 2005-11-22 更新时间 2005-11-30
CVE编号 CVE-2005-3894 CNNVD-ID CNNVD-200511-474
漏洞平台 CGI CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/26552
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-474
|漏洞详情
OpenTRS是一款免费的开源的订票系统,它具有电子邮件、电话等接口功能。OpenTicketRequestSystem(OTRS)1.0.0至1.3.2以及2.0.0至2.0.3的index.pl存在多个跨站脚本漏洞,可让远程认证的用户通过(1)QueueID参数中十六进制编码的值以及(2)"操作"参数注入任意Web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/15537/info
  
OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
  
The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities. 

http://www.example.com/index.pl?QueueID=%22%3E%3Cscript%3Ealert('[XSS_HERE]')%3B%3C/script%3E%3Cx%20y=%22
http://www.example.com/index.pl?Action="><script>alert(document.title);</script><x%20"
|参考资料

来源:BID
名称:15537
链接:http://www.securityfocus.com/bid/15537/
来源:SECUNIA
名称:17685
链接:http://secunia.com/advisories/17685/
来源:otrs.org
链接:http://otrs.org/advisory/OSA-2005-01-en/
来源:MISC
链接:http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
来源:BUGTRAQ
名称:20051122OTRS1.x/2.xMultipleSecurityIssues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=113272360804853&w=2
来源:XF
名称:otrs-index-xss(23359)
链接:http://xforce.iss.net/xforce/xfdb/23359
来源:XF
名称:otrs-queue-selection-xss(23356)
链接:http://xforce.iss.net/xforce/xfdb/23356
来源:OSVDB
名称:21067
链接:http://www.osvdb.org/21067
来源:SUSE
名称:SUSE-SR:2005:030
链接:http://www.novell.com/linux/security/advisories/2005_30_sr.html
来源:VUPEN
名称:ADV-2005-2535
链接:http://www.frsirt.com/english/advisories/2005/2535
来源:DEBIAN
名称:DSA-973
链接:http://www.debian.org/security/2006/dsa-973
来源:SECTRACK
名称:1015262
链接:http://securitytracker.com/id?1015262
来源:SECUNIA
名称:18887
链接:http://secunia.com/advisories/18887
来源:SECUNIA
名称:18101
链接:http://secunia.com/advisories/18101
来源:FULL