计算机网络技术

Web News, Technology, Science, etc

网络技术是从1990年代中期发展起来的新技术,它把互联网上分散的资源融为有机整体,实现资源的全面共享和有机协作,使人们能够透明地使用资源的整体能力并按需获取信息。

白帽子计算机安全:

IT 计算机&信息网络 技术:

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug



Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2   4.1
Tested Version: 4.2   4.1
Advisory Publication: August 24, 2015
Latest Update: August 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Caution Details:


(1) Vendor & Product Description:


Vendor:

Winmail Server



Product & Vulnerable Versions:
Winmail Server
4.2   4.1



Vendor URL & Download:

Product can be obtained from here,
http://www.magicwinmail.net/download.asp




Product Introduction Overview:

"Winmail Server is an enterprise class mail server software system offering a robust feature set, including extensive security measures. Winmail Server supports SMTP, POP3, IMAP, Webmail, LDAP, multiple domains, SMTP authentication, spam protection, anti-virus protection, SSL security, Network Storage, remote access, Web-based administration, and a wide array of standard email options such as filtering, signatures, real-time monitoring, archiving, and public email folders. Winmail Server can be configured as a mail server or gateway for ISDN, ADSL, FTTB and cable modem networks, beyond standard LAN and Internet mail server configurations."








(2) Vulnerability Details:

Winmail Server web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Winmail Server has patched some of them. "scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training". Scip has recorded similar XSS bugs, such as scipID 26980.



(2.1) 
The code flaw occurs at "&lid" parameter in "badlogin.php" page. In fact, CVE-2005-3692 mentions that "&retid" parameter in "badlogin.php" page is vulnerable to XSS attacks. But it does not mention "&lid" parameter". The scipID of the bug is 26980. Bugtraq (SecurityFocus) ID is 15493. OSVDB ID is 20926.








References: 
http://seclists.org/oss-sec/2015/q3/459 
http://www.tetraph.com/security/xss-vulnerability/winmail-server-4-2-reflected-xss/ 
http://computerobsess.blogspot.com/2015/08/winmail-xss.html
http://marc.info/?l=oss-security&m=144094251309925&w=4
http://permalink.gmane.org/gmane.comp.security.oss.general/17656
https://webtechwire.wordpress.com/2015/08/31/winmail-xss/
http://tetraph.blog.163.com/blog/static/234603051201573115638385/
http://webtechhut.blogspot.com/2015/08/winmail-xss-0day.html
http://ittechnology.lofter.com/post/1cfbf60d_806df2e
http://www.inzeed.com/kaleidoscope/xss-vulnerability/fc2-blog-xss/
http://webcabinet.tumblr.com/post/128010125747/winmail-xss-bug 
http://www.openwall.com/lists/oss-security/2015/08/30/3
https://progressive-comp.com/?l=oss-security&m=144094251309925&w=1



CVE-2014-8753  Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: Cit-e-Access

Vendor: Cit-e-Net

Vulnerable Versions: Version 6

Tested Version: Version 6

Advisory Publication: February 12, 2015

Latest Update: June 01, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8753

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Author: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)




Instruction Details:

(1) Vendor & Product Description:

Vendor:

Cit-e-Net


Product & Version: 

Cit-e-Access

Version 6


Vendor URL & Download: 

Cit-e-Net can be downloaded from here,
https://www.cit-e.net/citeadmin/help/cntrainingmanualhowto.pdf
http://demo.cit-e.net/
http://www.cit-e.net/demorequest.cfm
http://demo.cit-e.net/Cit-e-Access/ServReq/?TID=1&TPID=17


Product Introduction:

"We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.

Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.


Our web-based applications can help your municipality to acheive its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It's your choice! Please contact us at info@cit-e.net to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services. 


Interactive Applications

Online Service Requests

Online Tax Payments by ACH electronic-check or credit card.

Online Utility Payments by  ACH electronic-check or credit card.

Online General-Payments by ACH electronic-check or credit card.

Submit Volunteer Resume's Online for the municipality to match your skills with available openings."




(2) Vulnerability Details:

Cit-e-Access web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several similar products 0Day vulnerabilities have been found by some other bug hunter researchers before. Cit-i-Access has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to important vulnerabilities and cyber intelligence.


(2.1) The first programming code flaw occurs at "/eventscalendar/index.cfm?" page with "&DID" parameter in HTTP GET.

(2.2) The second programming code flaw occurs at "/search/index.cfm?" page with "&keyword" parameter in HTTP POST.

(2.3) The third programming code flaw occurs at "/news/index.cfm" page with "&jump2" "&DID" parameter in HTTP GET.

(2.4) The fourth programming code flaw occurs at "eventscalendar?" page with "&TPID" parameter in HTTP GET.

(2.5) The fifth programming code flaw occurs at "/meetings/index.cfm?" page with "&DID" parameter in HTTP GET.





(3) Solutions:

Leave message to vendor. No response.
http://www.cit-e.net/contact.cfm





References:
http://seclists.org/fulldisclosure/2015/Feb/48
http://marc.info/?l=full-disclosure&m=142380271819297&w=4
https://packetstormsecurity.com/files/130392/Cit-e-Net-6
https://hackertopic.wordpress.com/2015/06/06/cve-2014-8753
https://www.facebook.com/permalink.php?story_fbid=746137642163648
http://mathswift.blogspot.com/2015/06/cve-2014-8753.html
http://inzeed.tumblr.com/post/120907933886/securitypost-cve-2014-8753
https://plus.google.com/u/0/100242269120759811496/posts/M5W1kShGpKr
https://twitter.com/essayjeans/status/607391837213458432
http://ittechnology.lofter.com/post/1cfbf60d_735a4d0
http://www.weibo.com/5099722551/Clqtl3zWs?from=page_1005055099722551
http://blog.163.com/greensun_2006/blog/static/11122112201557115414537/
http://japanbroad.blogspot.jp/2015/06/cve-2014-8753-cit-e-net
https://www.facebook.com/permalink.php?story_fbid=43609503322
http://whitehatpost.lofter.com/post/1cc773c8_73568f4
https://dailymem.wordpress.com/2015/06/06/cve-2014-8753
http://itinfotech.tumblr.com/post/120907872116/securitypost-cve-2014-8753
https://progressive-comp.com/?l=full-disclosure&m=142380271819297&w=1
http://www.tetraph.com/blog/xss-vulnerability/cve-2014-8753



数学日记:

IT 计算机信息网络安全技术:

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities


Vulnerability Description:
About.com all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of about.com are affected. Based on a self-written program, 94357 links were tested. Only 118 links do not belong to the topics (Metasites) links. Meanwhile, some about.com main pages are vulnerable to XSS attack, too. This means no more than 0.125% links are not affected. At least 99.875% links of About Group are vulnerable to XSS and Iframe Injection attacks. In fact, for about.com’s structure, the main domain is something just like a cover. So, very few links belong to them.

Simultaneously, the About.com main page’s search field is vulnerable to XSS attacks, too. This means all domains related to about.com are vulnerable to XSS attacks.

For the Iframe Injection vulnerability. They can be used to do DDOS (Distributed Denial-of-Service Attack) to other websites, too.
Here is one example of DDOS based on Iframe Injection attacks of others.
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html

In the last, some “Open Redirect” vulnerabilities related to about.com are introduced. There may be large number of other Open Redirect Vulnerabilities not detected. Since About.com are trusted by some the other websites. Those vulnerabilities can be used to do “Covert Redirect” to these websites.



Vulnerability Disclosure:
Those vulnerabilities were reported to About on Sunday, Oct 19, 2014. No one replied. Until now, they are still unpatched.



Vulnerability Discover:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@Justqdjing)
http://www.tetraph.com/wangjing



(1) Some Basic Background

(1.1) Domain Description:
http://www.about.com/
http://www.alexa.com/siteinfo/about.com

“For March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month.” (The New York Times)

“About.com, also known as The About Group (formerly About Inc.), is an Internet-based network of content that publishes articles and videos about various subjects on its "topic sites,” of which there are nearly 1,000. The website competes with other online resource sites and encyclopedias, including those of the Wikimedia Foundation, and, for March 2014, 61,428,000 unique visitors were registered by comScore for About.com, making it the 16th-most-visited online property for that month. As of August 2012, About.com is the property of IAC, owner of Ask.com and numerous other online brands, and its revenue is generated by advertising.“ (Wikipedia)

"As of May 2013, About.com was receiving about 84 million unique monthly visitors.” (TechCrunch. AOL Inc.)

“According to About’s online media kit, nearly 1,000 "Experts” (freelance writers) contribute to the site by writing on various topics, including healthcare and travel.“ (About.com)



(1.2) Topics Related to About.com

"The Revolutionary About.com Directory and Community Metasite. Hundreds of real live passionate Guides covering Arts, Entertainment, Business, Industry, Science, Technology, Culture, Health, Fitness, Games,Travel, News, Careers, Jobs, Sports, Recreation, Parenting, Kids, Teens, Moms, Education, Computers, Hobbies and Local Information.” (azlist.about.com)

About.com - Sites A to Z

Number of Topics

A: 66

B: 61

C: 118

D: 49

E: 33

F: 57

G: 39

H: 48

I: 32

J: 15

K: 13

L: 36

M: 70

N: 26

O: 23

P: 91

Q: 4

R: 32

S: 104

T: 47

U: 12

V: 9

W: 43

X: 1

Y: 4

Z: 1

SUM: 1039

Reference: azlist.about.com/

In fact, those are not all topics of about.com. Some of the topics are not listed here such as,
http://specialchildren.about.com

So, there are more than 1000 topics related to about.com.



(1.3) Result of Exploiting XSS Attacks

XSS may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Base on Acunetix, exploited XSS is commonly used to achieve the following malicious results:

   "Identity theft

   Accessing sensitive or restricted information

   Gaining free access to otherwise paid for content

   Spying on user’s web browsing habits

   Altering browser functionality

   Public defamation of an individual or corporation

   Web application defacement

   Denial of Service attacks (DOS)

“ (Acunetix)

… …




More:
http://seclists.org/fulldisclosure/2015/Feb/9





Related Articles:
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1547
http://marc.info/?l=full-disclosure&m=142289980219878&w=4
https://packetstormsecurity.com/files/130211/About.com-Cross-Site-Scripting.html
http://computerobsess.blogspot.com/2015/06/about-group-aboutcom-all-topics-at.html
https://www.facebook.com/computersecurities/posts/384674738385985
http://www.weibo.com/1644370627/Clk7CaKvL?from=page_1005051644370627
http://guyuzui.lofter.com/post/1ccdcda4_6f03224
https://twitter.com/yangziyou/status/607145647037284352
http://webtechhut.blogspot.com/2015/06/about-group-aboutcom-all-topics-at.html
https://computertechhut.wordpress.com/2015/02/02/about-group-about-com-
http://inzeed.tumblr.com/post/118845379331/securitypost-about-group-99-88-xss
https://www.facebook.com/permalink.php?story_fbid=1043670099006327
https://dailymem.wordpress.com/2015/02/11/about-group
http://mathdaily.lofter.com/post/1cc75b20_7340000
http://xingti.tumblr.com/post/120847740060/itinfotech-about-group-xss-xfs
http://diebiyi.com/articles/security/xss-vulnerability/about-group-xss-xrf-open-redirect/
http://www.tetraph.com/blog/xss-vulnerability/about-group-xss-xrf-open-redirect/