Newtelligence dasBlog 2.3 Open Redirect

2014.10.21
Credit: Wang Jing
Risk: Low
Local: No
Remote: Yes
CWE: CWE-601


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability Product: dasBlog Vendor: Newtelligence Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813) Tested Version: 2.3 (2.3.9074.18820) Advisory Publication: OCT 15, 2014 Latest Update: OCT 15, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7292 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore] Advisory Details: Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks. dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It's a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews. Web.config code: <add verb="*" path="ct.ashx" type="newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services"/> (1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter. Solutions: 2014-10-15 Public disclosure with self-written patch. References: http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/ https://searchcode.com/codesearch/view/8710666/ https://www.microsoft.com/web/gallery/dasblog.aspx https://dasblog.codeplex.com/releases/view/86033 http://cwe.mitre.org http://cve.mitre.org/

References:

http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/
https://searchcode.com/codesearch/view/8710666/
https://www.microsoft.com/web/gallery/dasblog.aspx
https://dasblog.codeplex.com/releases/view/86033
http://cwe.mitre.org
http://cve.mitre.org/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top