白帽子安全

白帽子文章
计算机安全
安全漏洞
网络攻击

© 白帽子安全 | Powered by LOFTER

CVE-2014-7292 Newtelligence dasBlog Dest Redirect

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability


Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor:    Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update:    OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 


 
 
Advisory Details: 
 
 
 
 (1) Vendor URL: 
 https://searchcode.com/codesearch/view/8710666/ https://www.microsoft.com/web/gallery/dasblog.aspx   
 
 
 
 (2) Vulnerability Description: 
 “Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks. 
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.” 
 
 
Web.config code: 
 <add verb=”*” path=”ct.ashx” type=”newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services”/> 
 
 
 
 (3) Vulnerability Detail: 
Newtelligence dasBlog has a security problem. It is vulnerable to Open Redirect attacks. 
 
 (3.1) The vulnerability occurs at “ct.ashx?” page, with “&url” parameter,. 
 
 
 
 
 
 
 Solutions: 
2014-10-15 Public disclosure with self-written patch. 
 
 
 
 
 
 
 
 
 
 
 
 References: 

 http://cxsecurity.com/issue/WLB-2014100118

 http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/

 http://www.securityfocus.com/bid/70654

 http://seclists.org/fulldisclosure/2014/Oct/91

 http://www.venustech.com.cn/NewsInfo/124/30608.Html

 http://packetstormsecurity.com/files/128749/
 http://computerobsess.blogspot.sg/2014/12/cve-2014-7292-newtelligence-dasblog.html 

 http://marc.info/?l=full-disclosure&m=141378771804426&w=4

 http://www.cnvd.org.cn/flaw/show/CNVD-2014-07223 
 http://vulnerabilitypost.wordpress.com/2014/12/29/cve-2014-7292-newtelligence-dasblog-dest-redirect-privilege-escalation-security-vulnerability/ 

评论
热度 ( 4 )