计算机网络技术

Web News, Technology, Science, etc

网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。

KnowledgeTree OSS 3.0.3b Application Reflected XSS (Cross-site Scripting) Web Security 0Day Vulnerability




Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected XSS Web Security Vulnerability

Product: Knowledge Tree Document Management System

Vendor: Knowledge Inc

Vulnerable Versions: OSS 3.0.3b

Tested Version: OSS 3.0.3b

Advisory Publication: August 22, 2015

Latest Update: August 31, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)





Recommendation Details:



(1) Vendor & Product Description:



Vendor:

KnowledgeTree




Product & Vulnerable Versions:

Knowledge Tree Document Management System

OSS 3.0.3b




Vendor URL & Download:

Product can be obtained from here,

http://download.cnet.com/KnowledgeTree-Document-Management-System/3000-10743_4-10632972.html

http://www.knowledgetree.com/





Product Introduction Overview:

"KnowledgeTree is open source document management software designed for business people to use and install. Seamlessly connect people, ideas, and processes to satisfy all your collaboration, compliance, and business process requirements. KnowledgeTree works with Microsoft® Office®, Microsoft® Windows® and Linux®."








(2) Vulnerability Details:

KnowledgeTree web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. KnowledgeTree has patched some of them. "Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.". It has listed similar exploits, such as Bugtraq (Security Focus) 32920.




(2.1) The code flaw occurs at "&errorMessage" parameter in "login.php" page.


One similar bug is CVE-2008-5858. Its X-Force ID is 47529.






References:
http://seclists.org/oss-sec/2015/q3/458
http://tetraph.com/security/xss-vulnerability/knowledgetree-oss-3-0-3b-reflected-xss/
https://progressive-comp.com/?l=oss-security&m=144094021709472
https://infoswift.wordpress.com/2015/08/31/knowledge-tree-xss/
http://japanbroad.blogspot.jp/2015/08/knowledge-tree-bug-exploit.html
http://marc.info/?l=full-disclosure&m=144099659719456&w=4
http://tetraph.blog.163.com/blog/static/234603051201573144123156/
http://www.openwall.com/lists/oss-security/2015/08/30/2
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02446.html
http://itinfotech.tumblr.com/post/128016383831/knowledge-tree-xss
http://germancast.blogspot.com/2015/08/knowledge-tree-xss.html
http://permalink.gmane.org/gmane.comp.security.oss.general/17655
http://webtech.lofter.com/post/1cd3e0d3_806e1d4


测试想法:

日常生活點滴的記錄:

IT 计算机信息网络安全技术:

Google DoubleClick.net (Advertising) System URL Redirection Vulnerabilities Could Be Used by Spammers


Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date.


However, Google might have overlooked the security of its DoubleClick.net advertising system. After some test, it is found that most of the redirection URLs within DoubleClick.net are vulnerable to Open Redirect vulnerabilities. Many redirection are likely to be affected. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.


These redirections can be easily used by spammers, too.


Some URLs belong to Googleads.g.Doubleclick.net are vulnerable to Open Redirect attacks, too. While Google prevents similar URL redirections other than Googleads.g.Doubleclick.net. Attackers can use URLs related to Google Account to make the attacks more powerful.


Moreover, these vulnerabilities can be used to attack other companies such as Google, eBay, The New York Times, Amazon, Godaddy, Yahoo, Netease, e.g. by bypassing their Open Redirect filters (Covert Redirect). These cyber security bug problems have not been patched. Other similar web and computer attacks will be published in the near future.


Discover and Reporter:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/



(1) Background Related to Google DoubleClick.net.

(1.1) What is DoubleClick.net?

"DoubleClick is a subsidiary of Google which develops and provides Internet ad serving services. Its clients include agencies, marketers (Universal McCann, AKQA etc.) and publishers who serve customers like Microsoft, General Motors, Coca-Cola, Motorola, L'Oréal, Palm, Inc., Apple Inc., Visa USA, Nike, Carlsberg among others. DoubleClick's headquarters is in New York City, United States.


DoubleClick was founded in 1996 by Kevin O'Connor and Dwight Merriman. It was formerly listed as "DCLK" on the NASDAQ, and was purchased by private equity firms Hellman & Friedman and JMI Equity in July 2005. In March 2008, Google acquired DoubleClick for US$3.1 billion. Unlike many other dot-com companies, it survived the dot-com bubble and focuses on uploading ads and reporting their performance." (Wikipedia)



(1.2) Reports Related to Google DoubleClick.net Used by Spammers

(1.2.1) Google DoublClick.net has been used by spammers for long time. The following is a report in 2008.

"The open redirect had become popular with spammers trying to lure users into clicking their links, as they could be made to look like safe URLs within Google's domain."
https://www.virusbtn.com/blog/2008/06_03a.xml?comments


(1.2.2) Mitechmate published a blog related to DoubleClick.net spams in 2014.

"Ad.doubleclick.net is recognized as a perilous adware application that causes unwanted redirections when surfing on the certain webpages. Actually it is another browser hijacker that aims to distribute frauds to make money.Commonly people pick up Ad.doubleclick virus when download softwares, browse porn site or read spam email attachments. It enters into computer sneakily after using computer insecurely.Ad.doubleclick.net is not just annoying, this malware traces users’ personal information, which would be utilized for cyber criminal."
http://blog.mitechmate.com/remove-ad-doubleclick-net-redirect-virus/


(1.2.3) Malwarebytes posted a news related to DoubleClick.net malvertising in 2014.

"Large malvertising campaign under way involving DoubleClick and Zedo"
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/



(2) DoubleClick.net System URL Redirection Vulnerabilities Details.

The vulnerabilities can be attacked without user login. Tests were performed on Microsoft IE (10.0.9200.16750) of Windows 8, Mozilla Firefox (34.0) & Google Chromium 39.0.2171.65-0 ubuntu0.14.04.1.1064 (64-bit) of Ubuntu (14.04),Apple Safari 6.1.6 of Mac OS X Lion 10.7.


Used webpages for the following tests. The webpage address is "http://securitypost.tumblr.com/". We can suppose that this webpage is malicious.


...



Detail:
http://seclists.org/fulldisclosure/2014/Nov/28




Related Posts:
http://lists.openwall.net/full-disclosure/2014/11/14/2
http://marc.info/?l=full-disclosure&m=141599320308665&w=4
http://www.hotforsecurity.com/blog/googles-doubleclick-advertising-platform
http://mathpost.tumblr.com/post/120760828940/tetraph-google-doubleclick-net
http://diebiyi.com/articles/security/open-redirect/google-doubleclick-spam/
https://mathfas.wordpress.com/2014/11/19/google-doubleclick-netadvertising-system
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts/S7NdTCdEUpC
http://essayjeans.blogspot.com/2015/06/google-doubleclick-website-system-could.html
https://twitter.com/yangziyou/status/606740348757368832
https://www.facebook.com/websecuritiesnews/posts/803216363131869
http://itsecurity.lofter.com/post/1cfbf9e7_72fe79f
http://tetraph.tumblr.com/post/120760676767/google-doubleclick-net-advertising
http://www.weibo.com/1644370627/Cl9CvdTms?from=page_1005051644370627
https://zuiyuxiang.wordpress.com/2014/11/22/google-doubleclick-spam/
http://tetraph.blogspot.com/2015/06/google-doubleclick-website-system-could.html|
https://www.facebook.com/permalink.php?story_fbid=8415712192115891
http://yurusi.blogspot.com/2015/06/google-doubleclick-website-system-could.html
http://guyuzui.lofter.com/post/1ccdcda4_7305f25|
http://www.tetraph.com/blog/open-redirect/google-doubleclick-spam/


      

数学日记:

家庭小木屋:

文豆 & 文库:

白帽子计算机安全:

CVE-2015-1475  - My Little Forum Multiple XSS Web Security Vulnerabilities



Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities

Vendor: My Little Forum

Product: My Little Forum

Vulnerable Versions: 2.3.3  2.2  1.7

Tested Version: 2.3.3  2.2  1.7

Advisory Publication: February 04, 2015

Latest Update: February 11, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-1475

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Credit: Jing Wang [School of Mathematical Sciences (001),  University of Science and Technology of China (USTC)] (@justqdjing)








Recommendation Details:


(1) Vendor & Product Description


Vendor:

My Little Forum



Product & Version:

My Little Forum

2.3.3

2.2

1.7



Vendor URL & Download:

http://mylittleforum.net/




Product Description:

“my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view (tree structure). It is Open Source licensed under the GNU General Public License. The main claim of this web forum is simplicity. Furthermore it should be easy to install and run on a standard server configuration with PHP and MySQL.


Features

Usenet like threaded tree structure of the messages

Different views of the threads possible (classical, table, folded)

Categories and tags

BB codes and smilies

Image upload

Avatars

RSS Feeds

Template engine (Smarty)

Different methods of spam protection (can be combined: graphical/mathematical CAPTCHA, wordfilter, IP filter, Akismet, Bad-Behavior)

Localization: language files, time zone and UTF-8 support (see current version for already available languages)”






(2) Vulnerability Details:

My Little Forum  web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Several similar products vulnerabilities have been found by some other bug hunter researchers before. My Little Forum has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation's most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.



(2.1) The first programming code flaw occurs at "forum.php?" page with "&page", "&category" parameters.





(2.2) The second programming code flaw occurs at "board_entry.php?" page with "&page", "&order" parameters.





(2.3) The third programming code flaw occurs at  "forum_entry.php" page with "&order", "&page" parameters.









Related Articles:

http://tetraph.com/security/xss-vulnerability/my-little-forum-multiple-xss-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/02/my-little-forum-multiple-xss-security.html

http://seclists.org/fulldisclosure/2015/Feb/15

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01652.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1553

http://packetstormsecurity.com/files/authors/11270

http://marc.info/?a=139222176300014&r=1&w=4

http://lists.openwall.net/full-disclosure/2015/02/03/2

http://essaybeans.blogspot.com/2015/05/cve-2015-1475-my-little-forum-multiple.html

http://www.osvdb.org/creditees/12822-wang-jing

https://infoswift.wordpress.com/2015/05/12/cve-2015-1475-my-little-forum-multiple-xss-web-security-vulnerabilities/

https://twitter.com/tetraphibious/status/597971919892185088

http://japanbroad.blogspot.jp/2015/05/cve-2015-1475-my-little-forum-multiple.html

https://www.facebook.com/tetraph/posts/1649600031926623

http://user.qzone.qq.com/2519094351/blog/1431403836

https://www.facebook.com/permalink.php?story_fbid=460795864075109&id=405943696226993

https://plus.google.com/+wangfeiblackcookie/posts/Sj63XDPhH1j

http://essayjeans.blog.163.com/blog/static/2371730742015412037547/#

http://whitehatpost.lofter.com/post/1cc773c8_6ed5839

http://whitehatview.tumblr.com/post/118754859716/cve-2015-1475-my-little-forum-multiple-xss-web