CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability

Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor:    Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update:    OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

 

 

Advisory Details:

Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.

dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with /ct.ashx?id=&url= which of course breaks WebSnapr previews.

Web.config code:

 

 

(1) The vulnerability occurs at “ct.ashx?” page, with “&url” parameter,.

 

 

 

Solutions:
2014-10-15 Public disclosure with self-written patch.

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s