| Title | Published | Views | Family |
|---|---|---|---|
| ownCloud 3.0.0 Cross Site Scripting | 18 Apr 2012 00:00 | – | zdt |
| CVE-2012-2270 | 18 Apr 2012 00:00 | – | circl |
| CVE-2012-2269 | 20 Apr 2012 10:00 | – | cve |
| CVE-2012-2270 | 20 Apr 2012 10:00 | – | cve |
| CVE-2012-2269 | 20 Apr 2012 10:00 | – | cvelist |
| CVE-2012-2270 | 20 Apr 2012 10:00 | – | cvelist |
| EUVD-2012-2262 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2012-2269 | 20 Apr 2012 10:55 | – | nvd |
| CVE-2012-2270 | 20 Apr 2012 10:55 | – | nvd |
| ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities - Active Check | 19 Apr 2012 00:00 | – | openvas |
```text
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
Published: 2012/04/18
Version 1.0

Affected products:
ownCloud version 3.0.0 (others not tested)
http://owncloud.org

References:
TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt
(used for updates)
CVE-2012-2269 - XSS in ownCloud 3.0.0
CVE-2012-2270 - Open Redirect in ownCloud 3.0.0

Summary:
"ownCloud gives you easy and universal access to all of your files.
It also provides a platform to easily view, sync and share your
contacts, calendars, bookmarks and files across all your devices.
ownCloud 3 brings loads of new features and hundreds of fixes"

Vulnerable Scripts:
stored XSS:
- /apps/contacts/ajax/addcard.php (any input field)
- /apps/contacts/ajax/addproperty.php (parameter)
- /apps/contacts/ajax/createaddressbook (name)
reflected XSS:
- /files/download.php (file)
- /files/index.php (name, user, redirect_url)
open redirect after login:
- Login Page

Examples:
stored XSS:
- add a new contact and enter <script>alert("Help Me")</script> in
  any field, save the contact
- add a new date in calendar with name <script>alert("Help
  Me")</script>"
reflected XSS (un-authenticated):
- http://$domain/owncloud/index.php?redirect_url=1"><script>alert("Help
  Me")</script><l=" (must not be logged in)
open redirect after login:
- http://$domain/owncloud/index.php?redirect_url=http%3a//www.boeserangreifer.de/

Possible solutions:
- update to OwnCloud 3.0.2

Disclosure Timeline:
2012/02/01 vendor contacted via #owncloud on freenode IRC, got E-Mail
2012/02/01 vendor contacted via E-Mail
2012/02/02 vendor response
2012/04/16 asked vendor for status updates
2012/04/16 vendor status: patched with version 3.0.2
2012/04/18 public disclosure

Credits:
Tobias Glemser ([email protected])
Tele-Consulting security networking training GmbH, Germany
www.tele-consulting.com

Disclaimer:
All information is provided without warranty. The intent is to
provide information to secure infrastructure and/or systems, not
to be able to attack or damage. Therefore Tele-Consulting shall
not be liable for any direct or indirect damages that might be
caused by using this information.
```
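The advisory's two `redirect_url` findings share one root cause: the login page takes the parameter as-is, both as a redirect target (open redirect) and as a value echoed back into the page (reflected XSS). The following is an added example, not code from the advisory or from ownCloud, showing the two server-side controls that close both issues: restricting the redirect target to a path inside the application, and HTML-escaping the value wherever it is reflected. It is written in Python rather than ownCloud's PHP so it runs without a web stack; the `app_prefix`/`fallback` parameters and the `/owncloud/` path are assumptions, and the sample inputs are constructed from the payloads quoted in the advisory.

```python
"""Added example (not part of TC-SA-2012-01 or ownCloud's code): defender-side
handling of a user-supplied redirect_url parameter, covering the open-redirect
and reflected-XSS cases the advisory describes."""
import html
from urllib.parse import unquote, urlsplit

# Constructed sample inputs; the first two are the values quoted in the advisory.
ADVISORY_SAMPLES = {
    "open_redirect": "http%3a//www.boeserangreifer.de/",
    "reflected_xss": '1"><script>alert("Help Me")</script><l="',
    "legit": "/owncloud/files/index.php?dir=%2FDocuments",
}


def safe_local_redirect(raw: str, app_prefix: str = "/owncloud/",
                        fallback: str = "/owncloud/") -> str:
    """Return a redirect target that stays inside app_prefix on this host,
    or the fallback page if the supplied value cannot be trusted.

    The value is percent-decoded once so that an encoded scheme such as
    http%3a// is inspected as http://, exactly the trick the advisory uses.
    Anything carrying a scheme or host (absolute URL, protocol-relative //host,
    backslash variants) or control characters is rejected.
    """
    candidate = unquote(raw or "")
    if any(ord(c) < 0x20 for c in candidate):
        return fallback
    # Browsers accept backslashes as slashes in URLs; normalise before parsing
    # so that "/\evil.example" is seen as the protocol-relative "//evil.example".
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return fallback  # off-site or scheme-carrying target (javascript:, http:, //host)
    if not candidate.startswith(app_prefix):
        return fallback  # must be a path inside the application
    return candidate


def reflect_in_attribute(value: str) -> str:
    """Echo a value into a quoted HTML attribute the safe way.

    html.escape(quote=True) converts the quote and angle brackets the
    advisory's payload relies on into entities, so the attribute cannot be
    broken out of and no <script> element is created.
    """
    return '<input type="hidden" name="redirect_url" value="%s">' % html.escape(value, quote=True)


if __name__ == "__main__":
    for label, value in ADVISORY_SAMPLES.items():
        print(f"{label:14s} redirect -> {safe_local_redirect(value)}")
        print(f"{label:14s} reflected -> {reflect_in_attribute(value)}")
```

Both advisory payloads are sent to the fallback page, while the legitimate in-application path is passed through (in its decoded form). The decode-then-inspect order matters: validating the raw, still-encoded string would let `http%3a//` slip past a scheme check and be decoded later by the browser.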