Monday, 29 December 2014

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability


CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability

Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]




Advisory Details:



(1) Vendor URL:
https://searchcode.com/codesearch/view/8710666/ https://www.microsoft.com/web/gallery/dasblog.aspx



(2) Vulnerability Description:
“Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.”


Web.config code:
<add verb=”*” path=”ct.ashx” type=”newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services”/>




(3) Vulnerability Detail:
Newtelligence dasBlog has a security problem. It is vulnerable to Open Redirect attacks.

(3.1) The vulnerability occurs at “ct.ashx?” page, with “&url” parameter,.






Solutions:
2014-10-15 Public disclosure with self-written patch.












References:

No comments:

Post a Comment