#!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8 and 3.1.9 Vendor Homepage: http://otrs.org CVE: 2012-4600 Timeline: 22 Aug 2012: Vulnerability reported to vendor and CERT 23 Aug 2012: Response received from CERT and vendor 28 Aug 2012: Update from vendor to have it fixed and released on 30 Aug 2012 30 Aug 2012: Update: vulnerability patched http://www.kb.cert.org/vuls/id/511404 http://znuny.com/#!/advisory/ZSA-2012-02 http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-02/ 31 Aug 2012: Public Disclosure Installed On: Windows Server 2008 R2 & Open SUSE 12.1 Client Test OS: Window 7 Pro SP1 (x86) Browser Used: Firefox 14 & Opera 12.01 Injection Point: HTML Email Injection Payload(s): 1: ...