Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7292
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]
Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all
links clicked inside your blog posts. It's a nice feature that allows the
blogger to stay informed what kind of content readers like. If
Click-Through is turned on, all URLs inside blog entries will be replaced
with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded
original URL> which of course breaks WebSnapr previews.
<add verb="*" path="ct.ashx"
(1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter.
2014-10-15 Public disclosure with self-written patch.