文豆 & 文库


CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities



Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: InstantForum.NET

Vendor: InstantASP

Vulnerable Versions: v4.1.3, v4.1.1, v4.1.2, v4.0.0, v4.1.0, v3.4.0

Tested Version: v4.1.3, v4.1.1, v4.1.2

Advisory Publication: February 18, 2015

Latest Update: April 05, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9468

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discoverer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Advisory Details:



(1) Vendor & Product Description:



Vendor:

InstantASP



Product & Version:

InstantForum.NET

v4.1.3, v4.1.1, v4.1.2, v4.0.0, v4.1.0, v3.4.0



Vendor URL & Download:

InstantForum.NET can be purchased here:

http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html



Product Introduction Overview:

"InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the fourth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements."


"The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provide unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators."


"The forum's template-driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skin's appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum."






(2) Vulnerability Details:

The InstantForum.NET web application has a security flaw that can be exploited through stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several 0-day vulnerabilities in other similar products have been found by other bug hunters and researchers before. InstantForum has patched some of them. BugScan is the first community-based scanner and has gone through five code refactorings. It has redefined the concept of the scanner and provides sources for the latest info-sec news, tools, and advisories. It also publishes suggestions, advisories, cyber intelligence, attack defense and solution details related to important vulnerabilities.



(2.1) The first code flaw occurs at the "&SessionID" parameter in the "Join.aspx?" page.


(2.2) The second code flaw occurs at the "&SessionID" parameter in the "Logon.aspx?" page.
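
A defender-side check for the two entry points listed above, added here as an example and not part of the original advisory: it scans IIS W3C-format logs for requests to Join.aspx or Logon.aspx whose SessionID value is not a plain token. The token pattern, the log field set and the sample lines are assumptions constructed for illustration; values sent only in a POST body never reach these logs.

```python
import re
from urllib.parse import parse_qs

AFFECTED_PAGES = {"join.aspx", "logon.aspx"}  # pages named in the advisory
PARAM = "sessionid"                           # parameter named in the advisory
# Assumption: a legitimate SessionID is a short token of letters, digits, hyphens.
TOKEN_RE = re.compile(r"[A-Za-z0-9-]{1,64}")

def suspicious_session_ids(log_lines):
    """Return (line_no, page, client_ip, decoded_value) for each request to an
    affected page whose SessionID does not look like a plain token."""
    fields, hits = [], []
    for lineno, line in enumerate(log_lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if line.startswith("#") or not fields:
            continue                           # other directives, or no header yet
        row = dict(zip(fields, line.split()))
        page = row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        if page not in AFFECTED_PAGES:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":                       # IIS logs "-" for an empty query
            continue
        # parse_qs percent-decodes values, so encoded markup is compared decoded.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() != PARAM:
                continue
            for value in values:
                if not TOKEN_RE.fullmatch(value):
                    hits.append((lineno, page, row.get("c-ip", "-"), value))
    return hits

# Constructed sample log (documentation IP ranges, made-up session values).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 7.5",
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2015-02-18 10:00:01 GET /forum/Join.aspx SessionID=3f2a9c1e-77b4 203.0.113.5 200",
    "2015-02-18 10:00:07 GET /forum/Logon.aspx &SessionID=abc%22%3E%3Ci%3Ex 203.0.113.9 200",
    "2015-02-18 10:00:09 GET /forum/Default.aspx SessionID=%3Cb%3E 203.0.113.9 200",
    "2015-02-18 10:01:00 POST /forum/join.aspx sessionid=%3Cb%3Ehi 198.51.100.2 302",
    "2015-02-18 10:01:05 GET /forum/Logon.aspx - 198.51.100.2 200",
]

if __name__ == "__main__":
    for hit in suspicious_session_ids(SAMPLE_LOG):
        print(hit)
```

The same allow-list pattern can be applied server-side to reject a malformed SessionID before it is stored or rendered, alongside HTML-encoding the value on output.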









