Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability Product: dasBlog Vendor: Newtelligence Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813) Tested Version: 2.3 (2.3.9074.18820) Advisory Publication: OCT 15, 2014 Latest Update: OCT 15, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7292 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]
Advisory Details: Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks. dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It's a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews. Web.config code: <add verb="*" path="ct.ashx" type="newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services"/> (1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter. Solutions: 2014-10-15 Public disclosure with self-written patch. References: http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/ https://searchcode.com/codesearch/view/8710666/ https://www.microsoft.com/web/gallery/dasblog.aspx https://dasblog.codeplex.com/releases/view/86033 http://cwe.mitre.org http://cve.mitre.org/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
