otrs-xss.txt

08 May 2007 | Reported by ciri | Type: packetstorm | packetstormsecurity.com

OTRS v2.0.x XSS/XSRF vulnerability allows injection of code into the Subaction parameter, potentially leading to unauthorized user actions

`Written by: ciri ( 2007-05-07 00:00:00 )  
---------------------------------------------------------------------------------  
|                                   VirtuaX                                     |  
|                         Security without illusions                            |  
|                               www.virtuax.be                                  |  
---------------------------------------------------------------------------------  
  
  
Application: OTRS  
Vulnerable Versions: <= v2.0.x  
Vulnerability: XSS/XSRF  
  
Vendor: http://www.otrs.org  
Vendor Status: Notified  
  
Found: 07-05-2007  
Public Release Date: 07-05-2007  
Last modified: 07-05-2007  
Author: ciri  
E-mail: ciri[a.t]virtuax[d.o.t]be  
  
reference: http://www.virtuax.be/advisories/Advisory5-07052007.txt  
  
=================================================================================  
  
Shouts to the VirtuaX Crew & Community!  
  
=================================================================================  
  
  
  
I. Background  
-------------  
  
"OTRS is an Open source Ticket Request System with many features to manage customer  
telephone calls and e-mails. The system is built to allow your support, sales,  
pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to  
inbound inquiries"  
by otrs.org  
  
  
II. Vulnerability  
-----------------  
  
OTRS is vulnerable to an XSS/XSRF vulnerability. It is possible to inject code into the  
Subaction parameter. Authentication is required to reach the page, but a  
non-authenticated user will be asked to log in and the attack will still be carried  
out. XSRF is of course also possible in this case.  
  
IIa. Affected Versions  
----------------------  
  
OTRS 2.0.4 was tested and appears to be vulnerable. I've tested version 2.2.0 and  
it doesn't seem to be vulnerable anymore.  
  
III. PoC  
--------  
  
http://server/otrs/index.pl?Action=AgentTicketMailbox&Subaction=<img src=  
https://server/otrs/images/Standard/new-message.png onLoad=javascript:alert('hello');>  
`
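
A defender-side check for the pattern described in section II, added here as an example (it is not part of the advisory or of OTRS): it scans web-server access-log lines for requests to index.pl whose Action or Subaction value is not a plain identifier, decoding a second time to catch double-encoding. The identifier rule, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate Action/Subaction values are plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]*")
CHECKED_PARAMS = ("Action", "Subaction")
# Request line of a common/combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2007:10:00:01 +0200] "GET /otrs/index.pl'
    '?Action=AgentTicketMailbox&Subaction=New HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/May/2007:10:02:13 +0200] "GET /otrs/index.pl'
    '?Action=AgentTicketMailbox&Subaction=%3Cimg%20src=x%20onLoad=alert(1)%3E'
    ' HTTP/1.1" 200 4312',
    '192.0.2.44 - - [08/May/2007:10:02:40 +0200] "GET /otrs/index.pl'
    '?Action=AgentTicketMailbox&Subaction=%253Cimg%253E HTTP/1.1" 200 4312',
    '192.0.2.10 - - [08/May/2007:10:03:00 +0200] "GET /otrs/images/Standard/'
    'new-message.png HTTP/1.1" 200 310',
]

def suspicious_params(url):
    """Return {param: decoded value} for checked params that are not identifiers."""
    parts = urlsplit(url)
    if not parts.path.endswith("/index.pl"):
        return {}
    hits = {}
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in CHECKED_PARAMS:
        for value in query.get(name, []):
            decoded = unquote(value)  # parse_qs decoded once; catch double-encoding
            if not SAFE_VALUE.fullmatch(decoded):
                hits[name] = decoded
    return hits

def scan(lines):
    """Return [(line_number, hits)] for log lines with suspicious parameters."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Access logs record only the query string, so a value submitted in a POST body would not be seen by this check.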
