Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: vBulletin Forum
Vendor: vBulletin
Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4
Tested Version: 5.1.3 4.2.2
Advisory Publication: February 12, 2015
Latest Update: February 26, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9469
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Writer and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Preposition Details:
(1) Vendor & Product Description:
Vendor:
vBulletin
Product & Version:
vBulletin Forum
5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4
Vendor URL & Download:
vBulletin can be acquired from here,
Product Introduction Overview:
“vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server.”
Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.
Simplified site set up and customization
The new Site Builder makes it easier than ever to build and manage a site. Customizable page templates, drag-and-drop configuration and in-line site editing simplify page layout. A variety of design themes can be easily selected.
Dynamic tools for content discovery
Customizable content modules provide enhanced content discovery, engaging users into deeper site visits. The vBulletin search has been re-architected to significantly improve the quality of its results, further facilitating content discovery.
Sleek new UI features activity stream and increased social engagement
Improved social functionality includes groups, new user profiles, comments functionality, an integrated messaging hub, social content curation, real-time updates and more.
Expanded photo and video capabilities
The new interface invites users to quickly post photos and video, expanding content on vBulletin sites. This media is then leveraged by being better integrated with the rest of a site’s content. User profiles provide an engaging aggregation of all media posted by them.
Category-leading mobile optimization
The integrated mobile-optimized version ensures smartphone visitors will stay longer and return.
Robust architecture
Improved architecture provides better performance and easier customization
Built-in SEO helps maximize search traffic
Easy-to-use upgrader tool available for vBulletin 3 and 4 sites, plus importer for sites on other forum software”
(2) Vulnerability Details:
vBulletin web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. vBulletion has patched some of them. Gmane (pronounced “mane”) is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list’s inclusion on the service. It has published suggestions, advisories, solutions related to important vulnerabilities.
(2.1) The programming code flaw occurs at “forum/help” page. Add “hash symbol” first. Then add script at the end of it.
References:
http://packetstormsecurity.com/files/authors/11270
https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B
http://lists.openwall.net/full-disclosure/2015/02/13/3
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01684.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1588
http://shellmantis.tumblr.com/post/118777939056/lifegrey-cve-2014-9469-vbulletin-xss#notes
http://testingcode.lofter.com/post/1cd26eb9_6eec951
http://tetraph.blogspot.com/2015/05/cve-2014-9469-vbulletin-xss-cross-site.html
https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2014-9469-vbulletin-xss/
https://www.facebook.com/computersecurities/posts/375780759275383?
http://tetraph.lofter.com/post/1cc758e0_6eeac27
https://plus.google.com/102963385033389079817/posts/1ACxSMZYmCS
http://computerobsess.blogspot.com/2015/05/cve-2014-9469-vbulletin-xss-cross-site.html
CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities
Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities
Vendor: My Little Forum
Product: My Little Forum
Vulnerable Versions: 2.3.3 2.2 1.7
Tested Version: 2.3.3 2.2 1.7
Advisory Publication: February 04, 2015
Latest Update: February 11, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-1475
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Jing Wang [School of Mathematical Sciences (001), University of Science and Technology of China (USTC)] (@justqdjing)
Recommendation Details:
(1) Vendor & Product Description
Vendor:
My Little Forum
Product & Version:
My Little Forum
2.3.3
2.2
1.7
Vendor URL & Download:
Product Description:
“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.
Features
Usenet like threaded tree structure of the messages
Different views of the threads possible (classical, table, folded)
Categories and tags
BB codes and smilies
Image upload
Avatars
RSS Feeds
Template engine (Smarty)
Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)
Localization: language files, time zone and UTF-8 support (see current version for already available languages)”
(2) Vulnerability Details:
My Little Forum web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The first programming code flaw occurs at “forum.php?” page with “&page”, “&category” parameters.
(2.2) The second programming code flaw occurs at “board_entry.php?” page with “&page”, “&order” parameters.
(2.3) The third programming code flaw occurs at “forum_entry.php” page with “&order”, “&page” parameters.
References:
http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html
http://seclists.org/fulldisclosure/2015/Feb/15
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553
http://packetstormsecurity.com/files/authors/11270
http://marc.info/?a=139222176300014&r=1&w=4
http://lists.openwall.net/full-disclosure/2015/02/03/2
http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html
http://www.osvdb.org/creditees/12822-wang-jing
https://twitter.com/tetraphibious/status/597971919892185088
http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html
https://www.facebook.com/tetraph/posts/1649600031926623
http://user.qzone.qq.com/2519094351/blog/1431403836
https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993
https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j
http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#
http://whitehatpost.lofter.com/post/1cc773c8_6ed5839
http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web
CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability
CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability
Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: December 29, 2014
Latest Update: December 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description:
Vendor:
NYU
Product & Vulnerable Versions:
OpenSSO Integration
2.1
Vendor URL & Download:
OpenSSO Integration can be obtrained from here,
Product Description:
“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”
“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”
“Author: Scot Dalton
Additional author(s):
Institution: New York University
Year: 2009
License: BSD style
Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
Link to terms: [Detailed license terms]”
(2) Vulnerability Details:
NYU Opensso Integration web application has a computer cyber security bug problem. Hacker can exploit it by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags.” It has published suggestions, advisories, solutions details related to website vulnerabilities.
(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,
References:
http://tetraph.com/security/cves/cve-2014-7293-ex-libris-patron-directory-services-pds-xss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7293
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7293
http://seclists.org/fulldisclosure/2014/Dec/125
http://www.securityfocus.com/bid/71812
http://computerobsess.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://whitehatview.tumblr.com/post/110719704806/shellmantis-cve-2014-7293-nyu-opensso
http://itsecurity.lofter.com/post/1cfbf9e7_5c667f0
http://tetraph.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://tetraph.blog.163.com/blog/static/234603051201511084313351/
http://lists.kde.org/?a=139222176300014&r=1&w=2
http://www.inzeed.com/kaleidoscope/computer-security/cve-2014-7293
http://mathswift.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://marc.info/?a=139222176300014&r=1&w=4
https://computertechhut.wordpress.com/2015/02/10/cve-2014-7293-nyu-opensso
http://diebiyi.com/articles/security/xss-vulnerability/cve-2014-7293
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor URL:
http://www.tennisconnect.com/products.cfm#Components
Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www. your domain name .com)
(2) Vulnerability Details.
TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “/index.cfm?” page, with “&pid” parameter.
References:
http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490
http://www.osvdb.org/show/osvdb/116149
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://seclists.org/fulldisclosure/2014/Dec/83
http://securitypost.tumblr.com/
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
Advisory Details:
(1) Vendor URL:
http://jce-tech.com/products/
Product Description:
“The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users’ site, but streamed from the YouTube servers.”
(2) Vulnerability Details.
JCE-Tech “Video Niche Script” is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “view.php” page with “video”, “title” parameters.
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
References:
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Tested Version: v4.1.3 v4.1.1 v4.1.2
Advisory Publication: Feb 18, 2015
Latest Update: Feb 18, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor & Product Description:
Vendor:
InstantASP
Product & Version:
InstantForum.NET
v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Vendor URL & Download:
InstantForum.NET can be downloaded from here,
http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html
Product Introduction:
“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements.”
“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators.”
“The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum.”
(2) Vulnerability Details:
InstantForum.NET has a security problem. It can be exploited by XSS attacks.
(2.1) The first vulnerability occurs at “Join.aspx” page with “SessionID” parameter of it.
(2.2) The second vulnerability occurs at “Logon.aspx” page with “SessionID” parameter of it.
References:
CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability
Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9558
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]
CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]
ty.lofter.com/post/1cfbf9e7_5c3a4a8″ target=”_blank”>http://itsecurity.lofter.com/post/1cfbf9e7_5c3a4a8
CVE-2014-7294 NYU Opensso Integration Open Redirect Security Vulnerability
CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability
Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: December 14, 2014
Latest Update: January 05, 2015
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7294
mpact CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification
Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description:
Vendor:
NYU
Product & Vulnerable Versions:
OpenSSO Integration
2.1
Vendor URL & Download:
OpenSSO Integration can be obtrained from here,
Product Description:
“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”
“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”
“Author: Scot Dalton
Additional author(s):
Institution: New York University
Year: 2009
License: BSD style
Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
Link to terms: [Detailed license terms]”
(2) Vulnerability Details:
NYU Opensso Integration web application has a computer security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.
Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags.” It has published suggestions, advisories, solutions details related to website vulnerabilities.
(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter.
References:
http://tetraph.com/security/cves/cve-2014-7294-ex-libris-patron-directory
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7294
http://seclists.org/fulldisclosure/2014/Dec/127
http://tetraph.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html
http://diebiyi.com/articles/security/open-redirect/cve-2014-7294
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01506.html
http://lists.openwall.net/full-disclosure/2014/12/29/5
https://itswift.wordpress.com/2015/02/12/cve-2014-7294-nyu-opensso
https://vulnerabilitypost.wordpress.com/2015/02/10/cve-2014-7294
http://mathstopic.blogspot.com/2015/05/cve-2014-7294-nyu-opensso-integration.html
http://whitehatview.tumblr.com/post/110720300046/cve-2014-7294-nyu-opensso-integration
http://itsecurity.lofter.com/post/1cfbf9e7_5c6681c
http://www.inzeed.com/kaleidoscope/computer-security/cve-2014-7294
http://computerobsess.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html
Computer & Web Vulnerabilities 