|发布时间 :2005-05-19 00:00:00|
|修订时间 :2016-10-17 23:07:32|
[原文]Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.
- CVSS (基础分值)
- CPE (受影响的平台与产品)
- OVAL (用于检测的技术细节)
(UNKNOWN) BUGTRAQ 20050516 DotNetNuke (Multiple XSS)
(UNKNOWN) BID 13644
(UNKNOWN) BID 13646
(UNKNOWN) BID 13647
(VENDOR_ADVISORY) MISC http://www.woany.co.uk/advisories/dotnetnukexss.txt
|2005-05-19 00:00:00||2005-10-20 00:00:00|
- 漏洞信息 (F39266)
|Mark Woan woany.co.uk|
DotNetNuke versions below 3.0.12 suffer from multiple cross site scripting flaws.
Security Advisory ----------------- Advisory Name: Multiple DotNetNuke Cross Site Scripting (XSS) Vulnerabilities Release Date: 16/05/2005 Application: DotNetNuke (Multiple versions affected) Platform: Microsoft Windows Versions Affected: Versions below 3.0.12 Severity: Allows unauthenticated cross site scripting attacks Author: Mark Woan (m.woan[at]eris.qinetiq.com) Vendor Status: Informed and patch available CVE Candidate: CAN-2005-0040 Reference: www.woany.co.uk/advisories/dotnetnukexss.txt Overview: DotNetNuke is an Open Source hybrid of the IBuySpy Portal. Its management team is dedicated to the ongoing management of core portal application enhancements. DotNetNuke provides automated content management capabilities and tools to maintain a dynamic and 100% interactive data-driven web site. Details: Issue 1 (XSS) ------------- There is a vulnerability caused by the lack of input validation when registering a new user within a DotNetNuke portal. An attacker could use a cross site scripting (XSS) attack when registering a new user, when the View All User Details page the malicious code will be executed, resulting in the capture of Administrative session credentials. Versions prior to 3.0.12 appear to be vulnerable. Issue 2 (Secondary XSS) ----------------------- The User-Agent string sent with each request is stored for logging purposes. This data comes from the client and cannot be trusted, and therefore must be sanitised. An attacker could set the User-Agent string for the request to malicious script code, which would be logged and executed when any logs are viewed that contain the User-Agent field. This attack can be utilised by an unauthenticated user simply requesting the root page. Issue 3 (Secondary XSS) ----------------------- The failed logon Username is stored and displayed on the Log Viewer page. An attacker can send a Logon request with malicious script set as the parameter value, the script passed in the parameter will be executed when an Administrative user views the Log Viewer page or any log page that displays the failed logon Username. Vendor Response: 05-01-2005 Contacted core development team via email 10-01-2005 Response from vendor received and confirmed 10-01-2005 Second mail sent regarding more issues 13-01-2005 Sent email asking for confirmation of second email (No vendor response) 12-03-2005 DotNetNuke v3.0.12 released (All reported security issues fixed) Recommendations: Users should install DotNetNuke v3.0.12 or greater. Notes: Thanks to NISCC (www.niscc.gov.uk) for their help assigning the CVE reference.
|DotNetNuke New User Registration XSS|
|Remote / Network Access||Input Manipulation|
|Loss of Integrity|
Unknown or Incomplete
Unknown or Incomplete
|Unknown or Incomplete|
|DotNetNuke Failed Logon Username Application Logs HTML Injection Vulnerability|
|Input Validation Error||13647|
|2005-05-16 12:00:00||2009-07-12 02:56:00|
|"Mark Woan" <email@example.com> is credited with the discovery of this vulnerability.|
|DotNetNuke DotNetNuke 3.0.8
DotNetNuke DotNetNuke 3.0.7
DotNetNuke DotNetNuke 2.1.2
DotNetNuke DotNetNuke 2.1.1
DotNetNuke DotNetNuke 1.0.10 e
DotNetNuke DotNetNuke 1.0.10 d
DotNetNuke DotNetNuke 1.0.9
DotNetNuke DotNetNuke 1.0.8
DotNetNuke DotNetNuke 1.0.7
DotNetNuke DotNetNuke 1.0.6
DotNetNuke DotNetNuke 3.1 .0
|DotNetNuke DotNetNuke 3.1 .0
|DotNetNuke is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Specifically, the application fails to sanitize user-supplied input that is supplied as a failed logon Username string value, allowing script or HTML code to be included in application log files.|
No exploit is required.
Reports indicate that a fix is available to address this vulnerability. Symantec has not confirmed this. Please contact the vendor for further information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.