Reflected Cross-Site Scripting (XSS) in e107
Advisory ID: HTB23220
Product: e107
Vendor: e107
Vulnerable Version(s): 2.0 alpha2 and probably prior
Tested Version: 2.0 alpha2
Advisory Publication: June 18, 2014 [without technical details]
Vendor Notification: June 18, 2014
Vendor Patch: June 27, 2014
Public Disclosure: July 16, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4734
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered a vulnerability in e107, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Reflected Cross-Site Scripting (XSS) in e107: CVE-2014-4734
The vulnerability exists due to insufficient sanitization of the "type" HTTP GET parameter passed to the "/e107_admin/db.php" script. A remote attacker can trick a logged-in administrator into following a specially crafted link and execute arbitrary HTML and scripting code in the administrator’s browser.
Using advanced XSS techniques, a remote attacker can gain complete access over the administrator’s session and perform arbitrary actions as the web application administrator.
The following exploitation example displays a JS pop-up with the word "immuniweb" when the administrator hits the "submit" button:
http://[host]/e107_admin/db.php?mode=pref_editor&type=123%27%20onsubmit=%22alert%28%27immuniweb%27%29%3b%22%20a=%27
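The proof-of-concept above works because a single quote in the "type" value closes the attribute it is written into, so the rest of the value becomes a new "onsubmit" attribute. The following is an added example (not e107's own code): a constructed form template standing in for the page that reflected the parameter, the same template with attribute-context escaping applied as the fix, and an HTML parser that shows which attributes a browser would actually see in each case. The template and the data-type attribute are assumptions.

```python
"""Attribute-context escaping for a reflected GET parameter such as "type".

Added example, not e107's own code. The form template is a constructed
stand-in for the reflecting page; the hardened version shows the fix.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Query string of the advisory's proof-of-concept URL (host omitted).
ADVISORY_QUERY = ("mode=pref_editor&type=123%27%20onsubmit="
                  "%22alert%28%27immuniweb%27%29%3b%22%20a=%27")


def type_param(query: str) -> str:
    """Return the URL-decoded 'type' value, as PHP's $_GET['type'] would hold it."""
    return parse_qs(query)["type"][0]


def render_vulnerable(type_value: str) -> str:
    """Models the flaw: the raw value is written into a single-quoted attribute."""
    return f"<form method='post' data-type='{type_value}'>...</form>"


def render_hardened(type_value: str) -> str:
    """Fix: escape &, <, > and both quote characters so the value cannot close the attribute."""
    return f"<form method='post' data-type='{escape(type_value, quote=True)}'>...</form>"


class FormAttrs(HTMLParser):
    """Collects the attributes a browser's tokenizer would assign to <form>."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.attrs = dict(attrs)


def parsed_form_attrs(markup: str) -> dict:
    """Parse the rendered markup and return the <form> tag's attributes."""
    parser = FormAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs
```

Running parsed_form_attrs over render_vulnerable shows an "onsubmit" attribute carrying the alert, while over render_hardened the whole value stays inside data-type and no event handler exists.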
-----------------------------------------------------------------------------------------------
Solution:
Update the e107_admin/db.php file from GitHub.
More Information:
https://github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1
https://github.com/e107inc/e107/commit/e3088a877f94ac465555173e28b2f7f4a4f6d5e8
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23220 - https://www.htbridge.com/advisory/HTB23220 - Reflected Cross-Site Scripting (XSS) in e107.
[2] e107 - http://e107.org - Powerful Website Content Management System.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.