CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability

Computer Technology Hut

Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]Advisory Details:

(1) Vendor URL:
https://searchcode.com/codesearch/view/8710666/https://www.microsoft.com/web/gallery/dasblog.aspx



(2) Vulnerability Description:
“Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.”

Web.config code:
<add verb=”*” path=”ct.ashx”…

View original post 46 more words

Advertisements

3 thoughts on “CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability

  1. Pingback: 描寫月亮的詩句 30 首 – 高潔 美麗 思鄉 孤獨 蒼涼 優雅 | Math Fascinated

  2. Pingback: 描寫月亮的詩句 30 首 – 高潔 美麗 思鄉 孤獨 蒼涼 優雅 | Blog Related to IT, Science, Math, etc

  3. Pingback: 描寫月亮的詩句 30 首 – 高潔 美麗 思鄉 孤獨 蒼涼 優雅 | 比翼鳥資訊 – 在天願作比翼鳥 在地願為連理枝

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s