Newtelligence dasBlog 2.3 Open Redirect

Credit: Wang Jing
Risk: Low
Local: No
Remote: Yes
CWE: CWE-601

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability Product: dasBlog Vendor: Newtelligence Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813) Tested Version: 2.3 (2.3.9074.18820) Advisory Publication: OCT 15, 2014 Latest Update: OCT 15, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7292 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore] Advisory Details: Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks. dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It's a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews. Web.config code: <add verb="*" path="ct.ashx" type="newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services"/> (1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter. Solutions: 2014-10-15 Public disclosure with self-written patch. References:


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020,


Back to Top