计算机网络技术

Web News, Technology, Science, etc

网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。

白帽子计算机安全:

IT 计算机信息网络安全技术:

VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug



Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability

Product: VuFind

Vendor: VuFind

Vulnerable Versions: 1.0

Tested Version: 1.0

Advisory Publication: September 20, 2015

Latest Update: September 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)









Caution Details:



(1) Vendor & Product Description:



Vendor:

VuFind




Product & Vulnerable Versions:

VuFind

1.0




Vendor URL & Download:

Product can be obtained from here,
http://sourceforge.net/p/vufind/news/





Product Introduction Overview:

"VuFind is a library resource portal designed and developed for libraries by libraries. The goal of VuFind is to enable your users to search and browse through all of your library's resources by replacing the traditional OPAC to include: Catalog Records, Locally Cached Journals, Digital Library Items, Institutional Repository, Institutional Bibliography, Other Library Collections and Resources. VuFind is completely modular so you can implement just the basic system, or all of the components. And since it's open source, you can modify the modules to best fit your need or you can add new modules to extend your resource offerings. VuFind runs on Solr Energy. Apache Solr, an open source search engine, offers amazing performance and scalability to allow for VuFind to respond to search queries in milliseconds time. It has the ability to be distributed if you need to spread the load of the catalog over many servers or in a server farm environment. VuFind is offered for free through the GPL open source license. This means that you can use the software for free. You can modify the software and share your successes with the community! Take a look at our VuFind Installations Wiki page to see how a variety of organizations have taken advantage of VuFind's flexibility. If you are already using VuFind, feel free to edit the page and share your accomplishments. "







(2) Vulnerability Details:

VuFind web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Several other similar products 0-day vulnerabilities have been found by some other bug researchers before. VuFind has patched some of them. "scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training".



(2.1) The code flaw occurs at "lookfor?" parameter in "/vufind/Resource/Results?" page.


Some other researcher has reported a similar vulnerability here and VuFind has patched it.
https://vufind.org/jira/si/jira.issueviews:issue-html/VUFIND-54/VUFIND-54.html








(3) Solution:

Update to new version.









    References:
    http://tetraph.com/security/xss-vulnerability/vufind-xss/
    http://russiapost.blogspot.ru/2015/09/vufind-xss-issue.html
    https://infoswift.wordpress.com/2015/09/25/vufind-issue/
    http://www.openwall.com/lists/oss-security/2015/09/25/2
    http://whitehatview.tumblr.com/post/129834589981/vufind-xss-bugs   
    http://itsecurity.lofter.com/post/1cfbf9e7_854cb25   
    https://progressive-comp.com/?l=oss-security&m=144316469829656&w=1
    http://essayjeans.blog.163.com/blog/static/23717307420158253407863/
    http://seclists.org/oss-sec/2015/q3/639
    http://frenchairing.blogspot.fr/2015/09/vufind-bug.html
    https://itswift.wordpress.com/2015/09/22/vufind-0day/
    http://permalink.gmane.org/gmane.comp.security.oss.general/17836



IT 计算机信息网络安全技术:

测试想法:

日常生活點滴的記錄:

数学日记:

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities



Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: InstantForum.NET

Vendor: InstantASP

Vulnerable Versions: v4.1.3   v4.1.1   v4.1.2   v4.0.0   v4.1.0   v3.4.0

Tested Version: v4.1.3   v4.1.1   v4.1.2

Advisory Publication: February 18, 2015

Latest Update: April 05, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9468

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Preposition Details:



(1) Vendor & Product Description:



Vendor:

InstantASP



Product & Version:

InstantForum.NET

v4.1.3   v4.1.1   v4.1.2   v4.0.0   v4.1.0   v3.4.0



Vendor URL & Download:

InstantForum.NET can be purchased from here,

http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html



Product Introduction Overview:

“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements."


"The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators."


"The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum."






(2) Vulnerability Details:

InstantForum.NET web application has a cyber security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. InstantForum has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, cyber intelligence, attack defense and solutions details related to important vulnerabilities.



(2.1) The first programming code flaw occurs at "&SessionID" parameter in “Join.aspx?” page.


(2.2) The second programming code flaw occurs at "&SessionID" parameter in “Logon.aspx?” page.








References:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9468

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9468

http://packetstormsecurity.com/files/authors/11717

http://marc.info/?a=139222176300014&r=1&w=4

https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B

http://lists.openwall.net/full-disclosure/2015/02/18/7

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1608

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01704.html

http://seclists.org/fulldisclosure/2015/Feb/70

https://mathfas.wordpress.com/2015/05/13/cve-2014-9468/

http://www.tetraph.com/blog/cves/cve-2014-9468/

https://www.facebook.com/tetraph/posts/1650055075214452

http://computerobsess.blogspot.com/2015/05/cve-2014-9468-instantasp.html

http://tetraph.blogspot.com/2015/05/cve-2014-9468.html

http://guyuzui.lofter.com/post/1ccdcda4_6f0ba81

https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts/R3Mc7T4zxTj

https://www.facebook.com/permalink.php?story_fbid=1623694467849030&id=1567915086760302

https://twitter.com/justqdjing/status/598424496396046336

http://tetraph.tumblr.com/post/118852991427/cve-2014-9468-instantasp-instantforum-net-multiple

http://mathdaily.lofter.com/post/1cc75b20_6f10e07

https://tetraph.wordpress.com/2015/05/13/cve-2014-9468/

http://whitehatview.tumblr.com/post/118853357881/tetraph-cve-2014-9468-instantasp