CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability

Computer_Security_thumb

 

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability

 

Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

 

Advisory Details:

 

 

 

 

 

(1) Vendor URL:
https://searchcode.com/codesearch/view/8710666/ https://www.microsoft.com/web/gallery/dasblog.aspx



(2) Vulnerability Description:
“Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.”

Web.config code:
<add verb=”*” path=”ct.ashx” type=”newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services”/>

 

 

 

 

(3) Vulnerability Detail:
Newtelligence dasBlog has a security problem. It is vulnerable to Open Redirect attacks.

 

 

 

 

(3.1) The vulnerability occurs at “ct.ashx?” page, with “&url” parameter,.

 

 

 

 

 

Solutions:
2014-10-15 Public disclosure with self-written patch.

 

 

 

 

 

References:
http://cxsecurity.com/issue/WLB-2014100118
http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence
http://www.securityfocus.com/bid/70654
http://seclists.org/fulldisclosure/2014/Oct/91
http://www.venustech.com.cn/NewsInfo/124/30608.Html
http://packetstormsecurity.com/files/128749/
http://computerobsess.blogspot.sg/2014/12/cve-2014-7292-newtelligence-dasblog.htmlhttp://marc.info/?l=full-disclosure&m=141378771804426&w=4
http://www.cnvd.org.cn/flaw/show/CNVD-2014-07223
http://vulnerabilitypost.wordpress.com/2014/12/29/cve-2014-7292-newtelligence-dasblog-dest-redirect-privilege-escalation-security-vulnerability/

Wang Jing