Lotus Domino Web Administrator – Cross Site Command Execution
2013-04-21 10:57
Description
Lotus Domino is vulnerable to a CSRF attack that can be used for OS command execution through the Quick Console of the webadmin.nsf database. Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration capabilities and a custom application platform. Domino began life as Lotus Notes Server, the server component of Lotus Development Corporation's client-server messaging technology. It can be used as an application server for Lotus Notes applications and/or as a web server. It also has a built-in database system in the NSF format.
Details
The server is vulnerable to Cross Site Request Forgery. One way to exploit it is what this advisory calls Cross Site Command Execution: by sending a specially crafted link to the administrator, an attacker can execute any command on the OS where Domino is installed, with the privileges of the Domino server process, and read the result of the executed command.
Example:
An attacker can give the administrator the following link:
URL=http://server/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command=load cmd /c net user hack hack123 /add > C:\Lotus\Domino\data\domino\html\download\filesets\netuser.png&1271932906681
If the administrator follows this link while logged in to the Web Administrator, the command runs and adds a new user to the OS. Because the request is a plain GET with no anti-CSRF token, a click is not strictly required: any page the administrator opens while authenticated can issue the same request, for example through an image tag.
The attacker can verify that the command ran by reading the redirected output, which the command wrote into the HTTP document root:
http://server/download/filesets/netuser.png
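The two-step pattern above (a Quick Console request carrying a command that redirects its output under the document root, followed by an anonymous fetch of that file) is easy to spot in the Domino HTTP access log. The following detector is an added example written for this page, not code from the advisory or from IBM. It assumes the log is written in a combined/Extended Common text layout and that the document root is data/domino/html; the three log lines are constructed samples, with the command URL-encoded as a browser would send it (the advisory prints it unencoded). It flags every Quick Console command, marks it cross-site when the Referer is missing or from a host other than the Domino server, and then correlates later requests against the output path the command wrote.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined-format access log line. Domino can write its HTTP log as text in a
# Common/Extended Common layout; this exact field order is an assumption.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

CONSOLE_AGENT = "agreadconsoledata"   # agent named in the advisory (case-folded)
WEBROOT_MARKER = "domino/html"        # data/domino/html is the HTTP document root


def parse_line(line):
    """Split one log line into fields; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # keep_blank_values so the bare ?OpenAgent token and the cache-buster survive
    rec["query"] = {k.lower(): v[0]
                    for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    return rec


def webroot_to_url(path):
    """Map a file path under data/domino/html to the URL it is served at, else None."""
    norm = path.replace("\\", "/")
    idx = norm.lower().find(WEBROOT_MARKER)
    if idx < 0:
        return None
    return norm[idx + len(WEBROOT_MARKER):]   # keeps the leading "/"


def console_command(rec, own_hosts):
    """Return a finding for a Quick Console request, or None for anything else."""
    if CONSOLE_AGENT not in rec["path"].lower():
        return None
    if rec["query"].get("mode", "").lower() != "quickconsole":
        return None
    cmd = rec["query"].get("command", "")
    ref = rec["referer"]
    ref_host = urlsplit(ref).hostname if ref and ref != "-" else None
    # Output redirection: text after the last ">" (covers ">" and ">>")
    out = cmd.rsplit(">", 1)[1].strip() if ">" in cmd else None
    return {
        "ip": rec["ip"], "user": rec["user"], "command": cmd,
        "referer_host": ref_host,
        # No Referer, or one from another host: the admin did not issue this
        # from the Web Administrator UI himself.
        "cross_site": ref_host not in own_hosts,
        "output_url": webroot_to_url(out) if out else None,
    }


def analyze(lines, own_hosts):
    """Scan log lines; flag console commands and later fetches of their output."""
    findings, written = [], {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        finding = console_command(rec, own_hosts)
        if finding:
            findings.append(finding)
            if finding["output_url"]:
                written[finding["output_url"].lower()] = finding
            continue
        src = written.get(rec["path"].lower())
        if src:   # someone is collecting the redirected command output
            findings.append({"ip": rec["ip"], "status": rec["status"],
                             "fetched_output_of": src["command"]})
    return findings


# Constructed sample lines (not real traffic): an admin using the console from
# the Web Administrator UI, the advisory's CSRF link, and the attacker's fetch.
SAMPLE_LOG = [
    '10.0.0.5 - admin [21/Apr/2013:10:57:01 +0000] "GET /webadmin.nsf/agReadConsoleData$UserL2'
    '?OpenAgent&Mode=QuickConsole&Command=show%20server&1271932906680 HTTP/1.1" 200 512 '
    '"http://server/webadmin.nsf/" "Mozilla/5.0"',
    '10.0.0.5 - admin [21/Apr/2013:10:58:12 +0000] "GET /webadmin.nsf/agReadConsoleData$UserL2'
    '?OpenAgent&Mode=QuickConsole&Command=load%20cmd%20/c%20net%20user%20hack%20hack123%20/add'
    '%20%3E%20C:%5CLotus%5CDomino%5Cdata%5Cdomino%5Chtml%5Cdownload%5Cfilesets%5Cnetuser.png'
    '&1271932906681 HTTP/1.1" 200 88 "http://evil.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Apr/2013:10:59:30 +0000] "GET /download/filesets/netuser.png HTTP/1.1" '
    '200 71 "-" "curl/7.30"',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, {"server"}):
        print(f)
```

The Referer check is a heuristic, not proof: browsers and proxies can strip the header, so a missing Referer on a console request is reported as cross-site and should be reviewed rather than dismissed. The correlation step is the stronger signal, since a legitimate console session has no reason to park its output under the document root and then have an unauthenticated client fetch it.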