VirtuaX - Security without illusions - www.virtuax.be
Application: OTRS
Vulnerable Versions: <= v2.0.x
Vulnerability: XSS/XSRF
Vendor: http://www.otrs.org
Vendor Status: Notified
Found: 07-05-2007
Public Release Date: 07-05-2007
Last modified: 07-05-2007
Author: ciri
E-mail: ciri[a.t]virtuax[d.o.t]be
Reference: http://www.virtuax.be/advisories/Advisory5-07052007.txt
Shouts to the VirtuaX Crew & Community!
"OTRS is an Open source Ticket Request System with many features to manage customer telephone calls and e-mails. The system is built to allow your support, sales, pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to inbound inquiries" by otrs.org
OTRS is vulnerable to cross-site scripting (XSS) and cross-site request forgery (XSRF). The Subaction parameter is reflected without sanitisation, so script code can be injected through it. Authentication is required to reach the affected page, but that does not protect unauthenticated victims: they are simply shown the login form, and the injected code is carried along and executed there, so no valid session is needed for the attack to succeed. XSRF is of course also possible in this case.
OTRS 2.0.4 was tested and appears to be vulnerable. I've tested version 2.2.0 and it doesn't seem to be vulnerable anymore.
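To check an installation for this behaviour without guessing at a payload, the following added example (written for this page, not code from the advisory or from OTRS) submits a harmless marker in the Subaction parameter and classifies how the response reflects it: raw (vulnerable), HTML-escaped (fixed) or not at all. The base URL, the /otrs/index.pl path and the hidden-field login page used as sample input are assumptions; the two sample responses are constructed for the offline check and are not captured OTRS output.

```python
import html
import urllib.parse
import urllib.request

# Assumption: OTRS entry point. The advisory does not name the script or host.
ASSUMED_BASE = "http://otrs.example.invalid/otrs/index.pl"

# A marker that only survives unchanged if the application does no escaping:
# it contains the characters an attacker would need to break out of an
# attribute and open a tag.
MARKER = '"><otrs-probe>'


def build_probe_url(base: str, marker: str) -> str:
    """Return base?Subaction=<url-encoded marker>; nothing else is sent."""
    return base + "?" + urllib.parse.urlencode({"Subaction": marker})


def escaped_forms(marker: str) -> list:
    """Common HTML encodings of the marker that a fixed version might emit."""
    numeric = marker.replace("&", "&amp;").replace('"', "&#34;") \
                    .replace("<", "&lt;").replace(">", "&gt;")
    hexnum = marker.replace("&", "&amp;").replace('"', "&#x22;") \
                   .replace("<", "&lt;").replace(">", "&gt;")
    return [html.escape(marker), numeric, hexnum]


def reflection_verdict(body: str, marker: str) -> str:
    """Classify how the response body reflects the marker.

    'unescaped' - the raw marker is present: injected markup would render.
    'escaped'   - only an HTML-encoded copy is present: reflection is safe.
    'absent'    - the parameter is not echoed at all.
    """
    if marker in body:
        return "unescaped"
    if any(form in body for form in escaped_forms(marker)):
        return "escaped"
    return "absent"


def probe(base: str = ASSUMED_BASE, marker: str = MARKER, timeout: int = 10) -> str:
    """Fetch the probe URL from a live host and return the verdict."""
    with urllib.request.urlopen(build_probe_url(base, marker), timeout=timeout) as resp:
        body = resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")
    return reflection_verdict(body, marker)


# Constructed sample responses (not real OTRS output). The login form keeps the
# requested Subaction in a hidden field so the user lands on the right page
# after logging in; that is exactly where an unescaped value becomes XSS.
VULNERABLE_RESPONSE = (
    '<html><body><form action="index.pl" method="post">'
    '<input type="hidden" name="Subaction" value="' + MARKER + '">'
    '<input type="text" name="User"><input type="password" name="Password">'
    '</form></body></html>'
)
FIXED_RESPONSE = (
    '<html><body><form action="index.pl" method="post">'
    '<input type="hidden" name="Subaction" value="' + html.escape(MARKER) + '">'
    '<input type="text" name="User"><input type="password" name="Password">'
    '</form></body></html>'
)

if __name__ == "__main__":
    print(build_probe_url(ASSUMED_BASE, MARKER))
    print("constructed vulnerable page:", reflection_verdict(VULNERABLE_RESPONSE, MARKER))
    print("constructed fixed page:     ", reflection_verdict(FIXED_RESPONSE, MARKER))
```

The marker is deliberately inert: it proves that quotes and angle brackets pass through unencoded, which is the condition the advisory describes, without executing anything in the tester's browser. Run probe() only against hosts you are authorised to test.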
Copyright 2007 by ciri from Virtuax.be. All rights reserved.