Tags
0-day, 2014, 5.1.3, 9469, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, hacker, IT vulnerability, PHP Code, problem, scripting, testing, vBulletin, whitehat, XSS
23 Thursday Jul 2015
16 Tuesday Jun 2015
Posted in 0day, Computer Security, XSS
Tags:
0-day, 2014, 9468, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, hacker, InstantASP, InstantForum, IT vulnerability, NET, PHP Code, problem, scripting, testing, v3.4.0, v4.1.3, whitehat, XSS
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Tested Version: v4.1.3 v4.1.1 v4.1.2
Advisory Publication: February 18, 2015
Latest Update: April 05, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discoverer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Advisory Details:
(1) Vendor & Product Description:
Vendor:
InstantASP
Product & Version:
InstantForum.NET
v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Vendor URL & Download:
InstantForum.NET can be purchased from here,
http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html
Product Introduction Overview:
“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the fourth generation, InstantForum.NET has been completely rewritten from the ground up over several months to introduce some truly unique features & performance enhancements.“
“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators.”
“The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum.”
(2) Vulnerability Details:
InstantForum.NET is vulnerable to cross-site scripting (XSS). A remote attacker can craft a request that executes arbitrary script code in a user’s browser session within the trust relationship between that browser and the server. The payload is carried in a request parameter, so the victim has to be induced to open the crafted link (hence the “victim must voluntarily interact” note in the CVSS metrics above).
Several 0-day vulnerabilities in similar products have been reported by other researchers before, and InstantForum has patched some of them. BugScan is a community-based scanner that has gone through five code refactorings; it provides sources for the latest information-security news, tools and advisories, and publishes suggestions, advisories, cyber intelligence, and attack/defense details related to important vulnerabilities.
(2.1) The first flaw is in the “SessionID” parameter of the “Join.aspx” page.
(2.2) The second flaw is in the “SessionID” parameter of the “Logon.aspx” page.
References:
http://securityrelated.blogspot.com/2015/02/cve-2014-9468-instantasp.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9468
http://packetstormsecurity.com/files/authors/11717
http://marc.info/?a=139222176300014&r=1&w=4
https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B
http://lists.openwall.net/full-disclosure/2015/02/18/7
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1608
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01704.html
http://seclists.org/fulldisclosure/2015/Feb/70
http://www.inzeed.com/kaleidoscope/cves/cve-2014-9468/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/cve-2014-9468/
https://vulnerabilitypost.wordpress.com/2015/02/18/cve-2014-9468/
https://mathfas.wordpress.com/2015/05/13/cve-2014-9468/
http://www.tetraph.com/blog/cves/cve-2014-9468/
http://computerobsess.blogspot.com/2015/05/cve-2014-9468-instantasp.html
14 Tuesday Apr 2015
Posted in Computer Technology, IT Security
Tags:
0-day, Application Exploit, browser, Computer Science, Computer Security, cve, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities
Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities
Vendor: Opoint
Product: Opoint Media Intelligence
Vulnerable Versions:
Tested Version:
Advisory Publication: April 14, 2015
Latest Update: April 14, 2015
Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Discoverer and Writer: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]
Suggestion Details:
(1) Vendor & Product Description:
Vendor:
Opoint
Product & Version:
Opoint Media Intelligence
Vendor URL & Download:
Opoint Media Intelligence can be obtained from here,
http://www.opoint.com/index.php?page=home
Product Introduction Overview:
“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal” model to better integrate the latest Web functionality. With Opoint Media Intelligence, libraries will be able to take advantage of the latest Web technologies and engage Web-savvy users more effectively than ever before. Opoint Media Intelligence is a complete update of the Web OPAC interface”
“Opoint Media Intelligence breaks through the functional and design limitations of the traditional online catalog. Its solid technology framework supports tools for patron access such as Spell Check; integrated Really Simple Syndication (RSS) feeds; a suite of products for seamless Campus Computing; and deep control over information content and presentation with Cascading Style Sheets (CSS). Opoint Media Intelligence is also a platform for participation when integrated with Innovative’s Patron Ratings features and Community Reviews product. What’s more, with Opoint Media Intelligence’s RightResult™ search technology, the most relevant materials display at the top so patrons get to the specific items or topics they want to explore immediately. Opoint Media Intelligence can also interconnect with Innovative’s discovery services platform, Encore. And for elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides catalog searching, item requesting, and more.”
(2) Vulnerability Details:
Opoint Media Intelligence is vulnerable to unvalidated redirects and forwards (open redirect). An attacker can create a specially crafted URL that, if clicked, redirects the victim from the legitimate site to an arbitrary site of the attacker’s choosing. Such attacks are useful because the crafted URL initially appears to point at a trusted site, and the final destination can host attacks that target client-side software such as the web browser or document rendering programs.
Other 0-day vulnerabilities in Opoint products have been reported by other researchers before, and Opoint has patched some of them. Web Security Watch is an aggregator of security reports from various sources; it aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags.” It has published suggestions, advisories and solution details related to open redirect vulnerabilities.
(2.1) The flaw is in the “noblink” parameter of the “func/click.php” page.
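The fix for a parameter like noblink is not to reject a few bad prefixes but to allow only two shapes of target: a root-relative path on the current origin, or an absolute URL whose host is on an explicit allowlist. The check below is an added example written for this advisory; it is not Opoint's code. The parameter name "noblink" and the host list are assumptions taken from the advisory, and the bypass inputs it rejects (protocol-relative "//host", the triple-slash form, backslashes, userinfo tricks, non-HTTP schemes, embedded tabs) are the ones browsers actually honour.

```python
from urllib.parse import urlsplit

# Added example, not Opoint's code. ALLOWED_HOSTS and the "noblink" parameter
# name are assumptions based on the advisory; the application's real logic is unknown.
ALLOWED_HOSTS = {"www.opoint.com", "opoint.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if target is a root-relative path or points at an allowlisted host."""
    if not target:
        return False
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False                      # tabs/newlines let "java\tscript:" through some parsers
    t = target.strip()
    if "\\" in t:
        return False                      # browsers read "/\evil.example" as "//evil.example"
    try:
        parts = urlsplit(t)
    except ValueError:
        return False                      # e.g. malformed IPv6 bracket host
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False                      # javascript:, data:, vbscript: ...
    if parts.scheme or t.startswith("//"):
        # Absolute or protocol-relative URL: host must be allowlisted. .hostname strips
        # userinfo ("https://www.opoint.com@evil.example/" -> "evil.example") and is
        # None for "///evil.example", which browsers resolve to evil.example.
        host = parts.hostname
        return host is not None and host in allowed_hosts
    return t.startswith("/")              # root-relative path on the current origin


def redirect_target(params: dict, allowed_hosts=ALLOWED_HOSTS, fallback: str = "/") -> str:
    """Value the handler should put in the Location header: the parameter if safe, else fallback."""
    candidate = params.get("noblink", "")
    return candidate if is_safe_redirect(candidate, allowed_hosts) else fallback


if __name__ == "__main__":
    for sample in ["/index.php?page=home", "https://www.opoint.com/x", "//evil.example",
                   "///evil.example", "/\\evil.example", "https://www.opoint.com@evil.example/",
                   "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {is_safe_redirect(sample)}")
```

Exact host matching is deliberate: a suffix check such as endswith("opoint.com") would accept "evilopoint.com", and a prefix check would accept "www.opoint.com.evil.example". If the redirect only ever needs to stay on-site, drop the allowlist branch entirely and accept root-relative paths alone.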
References:
http://securityrelated.blogspot.com/2015/04/opoint-media-intelligence-unvalidated.html
http://www.inzeed.com/kaleidoscope/computer-web-security/opoint-media-intelligence-open-redirect/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/opoint-media-intelligence-open-redirect/
https://computerpitch.wordpress.com/2015/04/14/opoint-media-intelligence-open-redirect/
http://www.iedb.ir/author-Wang%20Jing.html
http://www.websecuritywatch.com/open-redirect-vulnerability-in-wordpress-newsletter-2-6-x-2-5-x/
http://lists.openwall.net/full-disclosure/2015/03/02/7
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1646
04 Saturday Apr 2015
Posted in IT Security
Tags:
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
Times of India website vulnerable to Cross Site Scripting (XSS) attacks
India’s premier daily, Times of India, operates indiatimes.com, a top news website in India and elsewhere. The site is vulnerable to critical cross-site scripting (XSS) attacks.
The XSS vulnerability in the Times of India website was discovered by Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore. He found that the vulnerability occurs in Indiatimes’s URL links: Indiatimes only partly filters the filenames on its website. Jing says that because of this almost all URLs under Indiatimes’s “Photogallery” and “Top-lists” sections are affected by this vulnerability.
04 Saturday Apr 2015
Posted in CVE, FPD, Information Leakage
Tags:
0day-exploit, attack-defense, bug-vulnerability, Computer Science, Computer Security, computer-engineering, crime-prevent, cve-information, cyber-intelligence, cyber-security, FPD, Full Path Disclosure, hacker-prevention, IEEE, Information Leakage, Internet-information, IT News, math student, NetCat, PHP Code, wangjing, web-application-test, whitehat-technology
CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities
Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 5.01 3.12
Advisory Publication: February 27, 2015
Latest Update: May 05, 2015
Vulnerability Type: Information Leak / Disclosure [CWE-200]
CVE Reference: CVE-2015-2214
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
Credit and Writer: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Consultation Details:
(1) Vendor & Product Description:
Vendor:
NetCat
Product & Version:
NetCat
5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Vendor URL & Download:
NetCat can be accessed from here,
Product Introduction Overview:
NetCat.ru is a Russian company. “NetCat is designed to build the vast majority of site types: from a simple ‘business card’ site with minimal content to complex web-based systems, from corporate sites to online stores, libraries or media archives; in other words, projects in completely different directions and at any level of complexity. Examples of sites running on NetCat CMS can be viewed in a special section.”
“Even an inexperienced user can manage a site built on NetCat, because it does not require knowledge of Internet technologies, programming or markup languages. NetCat is constantly being improved and new features are added. When finalizing features we take into account the wishes of our partners and clients as well as trends in Internet development. More than 2,000 studios and independent web developers have chosen NetCat for their projects, and by 2013 more than 18,000 sites had been created that run successfully on our CMS.”
“We give a discount on any NetCat edition
We try to help our partners join a close-knit team. To reduce your expenses when adopting a new system, we provide special conditions for acquiring commercial NetCat licenses: a partner is assigned a permanent discount of 40%, which, depending on further sales, can be increased to 60%.”
“Teach your developers the secrets of working with NetCat
In addition to detailed documentation and video tutorials, we offer new partners a unique free service: direct contact with a developer from the NetCat team, who will help with the product’s development tools.”
“We bring you customers
Once you have developed three sites on NetCat, information about you appears in our developer ranking. This means you not only begin to receive direct requests from clients but also take part in tenders run by customers. In addition, if a partner’s work is really good, NetCat employees begin recommending it to clients who ask for help choosing a contractor.”
“We help with promotion
NetCat regularly takes part in a large number of forums, seminars and conferences. We are happy to organize joint participation with partners, help with advertising materials and share information for reports.”
“Confirm your status in the eyes of customers
We have a very flexible partner certification system: we do not give certificates for selling licenses but for developed sites. So, for example, to obtain the certificate ‘Development of corporate websites’ you add three implementations of the appropriate type to your personal account.”
(2) Vulnerability Details:
NetCat is vulnerable to information leakage through full path disclosure (FPD). A remote attacker can make the application reveal its installation path on the server. Such information is relatively low risk on its own, but it is often useful in carrying out additional, more focused attacks (for example, file-inclusion or path-traversal attempts that need an absolute path).
Several 0-day vulnerabilities in similar products have been reported by other researchers before, and NetCat has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest information-security news, tools and advisories, and has published suggestions, advisories and solution details related to important vulnerabilities.
(2.1) The flaw is in the “redirect_url” parameter of the “netshop/post.php” page.
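When testing a parameter such as redirect_url for full path disclosure, the signal to look for in the response is a PHP error message that names a file on disk. The helper below, an added example that is not NetCat's code, pulls (path, line) pairs out of a response body in the three formats PHP actually emits: html_errors markup, plain-text log style, and the “thrown in … on line N” trailer of an uncaught exception. The sample bodies are constructed for this example and the paths in them are invented.

```python
import re

# Added example, not NetCat's code. Extracts filesystem paths leaked by PHP error
# messages (display_errors=On) from an HTTP response body. Sample bodies are constructed.

PHP_ERROR_RE = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error|Deprecated|Strict Standards)"
    r"(?:</b>)?:\s*(?P<msg>.{0,400}?)\s+in\s+(?:<b>)?"          # message text, html_errors optional
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<>\s]+?)"                   # POSIX or Windows absolute path
    r"(?:</b>)?\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.DOTALL,
)


def disclosed_paths(body: str) -> list:
    """Unique (absolute path, line number) pairs leaked by PHP errors, in order of appearance."""
    hits = []
    for m in PHP_ERROR_RE.finditer(body):
        hit = (m.group("path"), int(m.group("line")))
        if hit not in hits:
            hits.append(hit)
    return hits


def parent_dir(path: str) -> str:
    """Directory part of a POSIX or Windows path; the web root is usually one or two levels up."""
    cut = max(path.rfind("/"), path.rfind("\\"))
    return path[:cut] if cut > 0 else path


# Constructed sample: html_errors=On output as a browser would receive it.
SAMPLE_HTML = (
    "<br />\n<b>Warning</b>:  Cannot modify header information - headers already sent"
    " in <b>/var/www/html/netshop/post.php</b> on line <b>17</b><br />\n"
    "<br />\n<b>Notice</b>:  Undefined index: redirect_url"
    " in <b>/var/www/html/netshop/post.php</b> on line <b>12</b><br />\n"
)

# Constructed sample: plain-text output, including an uncaught exception on a Windows host.
SAMPLE_TEXT = (
    "PHP Warning:  foreach() argument must be of type array|object, null given"
    " in /srv/app/netshop/post.php on line 40\n"
    "PHP Fatal error:  Uncaught Error: Call to undefined function nc_redirect()"
    " in C:\\inetpub\\wwwroot\\netshop\\post.php:9\nStack trace:\n#0 {main}\n"
    "  thrown in C:\\inetpub\\wwwroot\\netshop\\post.php on line 9\n"
)

if __name__ == "__main__":
    for path, line in disclosed_paths(SAMPLE_HTML + SAMPLE_TEXT):
        print(f"{path}:{line}  (directory {parent_dir(path)})")
```

On the defending side the fix is configuration rather than code: set display_errors = Off and log_errors = On in php.ini (or the equivalent ini_set calls at bootstrap) so that the same messages go to the server log instead of the response, and handle an unexpected or empty redirect_url explicitly so the warning is never raised in the first place.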
References:
http://securityrelated.blogspot.com/2015/02/netcat-cms-full-path-disclosure.html
http://seclists.org/fulldisclosure/2015/Mar/8
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01740.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1645
http://lists.openwall.net/full-disclosure/2015/03/02/6
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142527117510514&w=2
http://marc.info/?l=full-disclosure&m=142527117510514&w=4
http://essayjeans.blog.163.com/blog/static/2371730742015411113047382/
http://www.weibo.com/1644370627/ChjMoA9hD?type=comment#_rnd1431315096193
04 Saturday Apr 2015
Posted in IT Security
Tags:
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Atlas Systems Aeon XSS Vulnerability
Product: Aeon
Vendor: Atlas Systems
Vulnerable Versions: 3.6 3.5
Tested Version: 3.6
Advisory Publication: Nov 12, 2014
Latest Update: Nov 12, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7290
Solution Status: Fixed by Vendor
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore]
24 Tuesday Mar 2015
Posted in IT Security
Tags:
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Risk Level: Medium
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
04 Wednesday Mar 2015
Posted in IT Security
Tags:
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
http://itprompt.blogspot.com/2014/12/cve-2014-7291-springshare-libcal-xss.html
25 Wednesday Feb 2015
Posted in 0day, Web Security, XSS
Tags:
0day-exploit, attack-defense, bug-vulnerability, Computer Science, Computer Security, computer-engineering, crime-prevent, cve-information, cyber-intelligence, cyber-security, hacker-prevention, IEEE, Internet-information, IT-news, math student, PHP Code, wangjing, web-application-test, whitehat-technology, XSS
CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability
Vendor: OptimalSite
Product: OptimalSite Content Management System (CMS)
Vulnerable Versions: V.1 V2.4
Tested Version: V.1 V2.4
Advisory Publication: January 24, 2015
Latest Update: January 31, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9562
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description
Vendor:
OptimalSite
Product & Version:
OptimalSite Content Management System (CMS)
V.1
V2.4
Vendor URL & Download:
The product can be obtained from here,
http://www.optimalsite.com/en/
Product Description Overview:
“Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best.
Website page structure
Website page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu. The website’s structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.
Website languages
OptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ.
WYSIWYG (What You See Is What You Get) text editor
Using this universal text editor makes posting and replacing information on the website effortless. Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas.
Search function in the system
By using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.
Recycle bin function
System administrator is able to delete useless data. All deleted data is stored in recycle bin, so administrator can restore information anytime. “
(2) Vulnerability Details:
OptimalSite is vulnerable to cross-site scripting (XSS). A remote attacker can craft a request that executes arbitrary script code in a user’s browser session within the trust relationship between that browser and the server. The payload travels in a request parameter, so a victim has to be induced to open the crafted link.
Several 0-day vulnerabilities in similar products have been reported by other researchers before, and OptimalSite has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories and solution details related to XSS vulnerabilities.
(2.1) The flaw is in the “image” parameter of the “display_dialog.php” page.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9562
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01646.html
http://lists.openwall.net/full-disclosure/2015/02/02/3
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1546
http://japanbroad.blogspot.sg/2015/05/cve-2014-9562-optimalsite-content.html
http://tetraph.blog.163.com/blog/static/234603051201541082835108/
https://www.facebook.com/permalink.php?story_fbid=1025716320801705&id=922151957824809
https://twitter.com/yangziyou/status/597377123976785920
https://plus.google.com/110001022997295385049/posts/7rNn4ynjzRP
http://itsecurity.lofter.com/post/1cfbf9e7_6e96648
http://securitypost.tumblr.com/post/118602594462/cve-2014-9562-optimalsite-content-management
11 Wednesday Feb 2015
Posted in 0day, Computer Security, XSS
Tags:
0-day, 1475, 2.3.3, 2015, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, forum, hacker, IT vulnerability, my little, PHP Code, problem, scripting, testing, whitehat, XSS
CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities
Vendor: My Little Forum
Product: My Little Forum
Vulnerable Versions: 2.3.3 2.2 1.7
Tested Version: 2.3.3 2.2 1.7
Advisory Publication: February 04, 2015
Latest Update: February 11, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-1475
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Wang Jing [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)
Recommendation Details:
(1) Vendor & Product Description
Vendor:
My Little Forum
Product & Version:
My Little Forum
2.3.3
2.2
1.7
Vendor URL & Download:
Product Description:
“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.
Features
Usenet like threaded tree structure of the messages
Different views of the threads possible (classical, table, folded)
Categories and tags
BB codes and smilies
Image upload
Avatars
RSS Feeds
Template engine (Smarty)
Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)
Localization: language files, time zone and UTF-8 support (see current version for already available languages)”
(2) Vulnerability Details:
My Little Forum is vulnerable to cross-site scripting (XSS). A remote attacker can craft a request that executes arbitrary script code in a user’s browser session within the trust relationship between that browser and the server.
Several vulnerabilities in similar products have been reported by other researchers before, and My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories and solution details related to XSS vulnerabilities.
(2.1) The first flaw is in the “page” and “category” parameters of the “forum.php” page.
(2.2) The second flaw is in the “page” and “order” parameters of the “board_entry.php” page.
(2.3) The third flaw is in the “order” and “page” parameters of the “forum_entry.php” page.
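The three XSS advisories on this page (InstantForum.NET’s SessionID in Join.aspx and Logon.aspx, OptimalSite’s image in display_dialog.php, and My Little Forum’s page, category and order parameters above) share one pattern: a request parameter is echoed into the page without context-appropriate output encoding. The probe below is an added example written for these advisories and is not code from any of the three projects. It sends a canary value containing every HTML metacharacter and reports which of them came back raw, which tells you the exploitable context before you write a single payload. The render_* functions are hypothetical stand-ins for a page that echoes a parameter into an attribute; the products’ real templates are not shown here, and the "SessionID" attribute name is borrowed from the InstantForum advisory only for illustration.

```python
import html

# Added example, not code from InstantForum.NET, OptimalSite or My Little Forum.
# The render_* functions are hypothetical stand-ins for a page that echoes a parameter.

CANARY = "zq7c"          # unlikely to occur naturally in a page
METACHARS = "<>\"'"      # what matters for HTML-body and attribute contexts


def make_probe(canary: str = CANARY) -> str:
    """Value to send in the suspect parameter: canary + every metachar + canary."""
    return f"{canary}{METACHARS}{canary}"


def unencoded_metachars(body: str, canary: str = CANARY) -> set:
    """Which probe metacharacters came back raw between a pair of canaries.

    Empty set: every reflection was encoded, or the value was not reflected at all.
    """
    found = set()
    pos = 0
    while True:
        i = body.find(canary, pos)
        if i < 0:
            return found
        j = body.find(canary, i + len(canary))
        if j < 0:
            return found
        segment = body[i + len(canary):j]
        found.update(c for c in METACHARS if c in segment)
        pos = j + len(canary)


def classify(found: set) -> str:
    """Turn the raw-character set into a practical verdict."""
    if "<" in found and ">" in found:
        return "html-body injection"     # <script> / <img onerror> can be injected anywhere
    if '"' in found or "'" in found:
        return "attribute breakout"      # value="..." can be closed and an event handler added
    if found:
        return "partial encoding"
    return "encoded"


# --- Hypothetical renderers standing in for the vulnerable page and two fixes ---

def render_vulnerable(value: str) -> str:
    """Echoes the parameter verbatim into an attribute: the bug pattern in all three advisories."""
    return f'<input type="hidden" name="SessionID" value="{value}">'


def render_body_only_escape(value: str) -> str:
    """Encodes only < and >: safe in a text node, still exploitable inside an attribute."""
    value = value.replace("<", "&lt;").replace(">", "&gt;")
    return f'<input type="hidden" name="SessionID" value="{value}">'


def render_fixed(value: str) -> str:
    """html.escape(quote=True) encodes < > & " ' and so covers both body and attribute contexts."""
    return f'<input type="hidden" name="SessionID" value="{html.escape(value, quote=True)}">'


def probe(render) -> str:
    """Push the probe through a renderer and classify what comes back."""
    return classify(unencoded_metachars(render(make_probe())))


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_vulnerable),
                     ("body-only escape", render_body_only_escape),
                     ("fixed", render_fixed)]:
        print(f"{name:18s} -> {probe(fn)}")
```

Against a live target, the probe value goes into the parameter named in the advisory (SessionID, image, page, order or category) and the response body goes to unencoded_metachars; the render_* stand-ins are there only so the block runs offline. The “attribute breakout” case is the one that gets missed most often: a template that strips or encodes angle brackets looks fixed in a text node but is still exploitable the moment the same value lands inside a quoted attribute.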
References:
http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html
http://seclists.org/fulldisclosure/2015/Feb/15
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553
http://packetstormsecurity.com/files/authors/11270
http://marc.info/?a=139222176300014&r=1&w=4
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html
http://www.osvdb.org/creditees/12822-wang-jing
https://twitter.com/tetraphibious/status/597971919892185088
http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html
https://www.facebook.com/tetraph/posts/1649600031926623
http://user.qzone.qq.com/2519094351/blog/1431403836
https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993
https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j
http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#
http://whitehatpost.lofter.com/post/1cc773c8_6ed5839
http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web