CVE-2014-7292
CVSS5.8
发布时间 :2014-10-23 10:55:02
修订时间 :2014-10-24 09:18:43
NMCPS    

[原文]Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.


[CNNVD]Newtelligence dasBlog 开放重定向漏洞(CNNVD-201410-1236)

        

Newtelligence dasBlog是一套基于ASP.NET的博客应用程序。

Newtelligence dasBlog的‘Click-Through’功能中存在开放重定向漏洞,该漏洞源于ct.ashx脚本没有充分过滤‘url’参数。远程攻击者可借助特制的URL利用该漏洞将用户重定向到任意Web站点,实施钓鱼攻击。

- CVSS (基础分值)

CVSS分值: 5.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:newtelligence:dasblog:2.3:2.3.9074.18820
cpe:/a:newtelligence:dasblog:2.2:2.2.8279.16125
cpe:/a:newtelligence:dasblog:2.1:2.1.8102.813

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7292
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7292
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201410-1236
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/97667
(UNKNOWN)  XF  dasblog-cve20147292-open-redirect(97667)
http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability
(UNKNOWN)  MISC  http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability
http://www.securityfocus.com/bid/70654
(UNKNOWN)  BID  70654
http://seclists.org/fulldisclosure/2014/Oct/91
(UNKNOWN)  FULLDISC  20141020 CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability
http://packetstormsecurity.com/files/128749/Newtelligence-dasBlog-2.3-Open-Redirect.html
(UNKNOWN)  MISC  http://packetstormsecurity.com/files/128749/Newtelligence-dasBlog-2.3-Open-Redirect.html

- 漏洞信息

Newtelligence dasBlog 开放重定向漏洞
中危
2014-10-29 00:00:00 2014-10-29 00:00:00
远程  
        

Newtelligence dasBlog是一套基于ASP.NET的博客应用程序。

Newtelligence dasBlog的‘Click-Through’功能中存在开放重定向漏洞,该漏洞源于ct.ashx脚本没有充分过滤‘url’参数。远程攻击者可借助特制的URL利用该漏洞将用户重定向到任意Web站点,实施钓鱼攻击。

- 公告与补丁

        目前厂商暂未发布修复措施解决此安全问题,使用此软件的用户可参考非厂商提供的临时修复措施(仅供参考)或随时关注厂商主页以获取最终解决办法:
        http://dasblog.codeplex.com/
        Nanyang Technological University提供的临时修复措施(仅供参考):
        https://searchcode.com/codesearch/view/8710666/

- 漏洞信息 (F128749)

Newtelligence dasBlog 2.3 Open Redirect (PacketStormID:F128749)
2014-10-20 00:00:00
Jing Wang  
exploit
CVE-2014-7292
[点击下载]

Newtelligence dasBlog versions 2.1 through 2.3 suffer from an open redirection vulnerability.

Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125)
2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7292
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]




Advisory Details:

Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.


dasBlog supports a feature called Click-Through which basically tracks all
links clicked inside your blog posts. It's a nice feature that allows the
blogger to stay informed what kind of content readers like. If
Click-Through is turned on, all URLs inside blog entries will be replaced
with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded
original URL> which of course breaks WebSnapr previews.


Web.config code:
<add verb="*" path="ct.ashx"
type="newtelligence.DasBlog.Web.Services.ClickThroughHandler,
newtelligence.DasBlog.Web.Services"/>


(1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter.



Solutions:
2014-10-15 Public disclosure with self-written patch.




References:
http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/
https://searchcode.com/codesearch/view/8710666/
https://www.microsoft.com/web/gallery/dasblog.aspx
https://dasblog.codeplex.com/releases/view/86033
http://cwe.mitre.org
http://cve.mitre.org/


    

- 漏洞信息

Newtelligence DasBlog CVE-2014-7292 Open Redirection Vulnerability
Input Validation Error 70654
Yes No
2014-10-20 12:00:00 2014-10-20 12:00:00
Wang Jing

- 受影响的程序版本

- 漏洞讨论

DasBlog is prone to an open-redirection vulnerability.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

- 漏洞利用

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

- 解决方案

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站