Newtelligence dasBlog 2.3 Open Redirect

2014-10-20T00:00:00
ID PACKETSTORM:128749
Type packetstorm
Reporter Jing Wang
Modified 2014-10-20T00:00:00

Description

                                        
                                            `Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability  
Product: dasBlog  
Vendor: Newtelligence  
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125)  
2.1(2.1.8102.813)  
Tested Version: 2.3 (2.3.9074.18820)  
Advisory Publication: OCT 15, 2014  
Latest Update: OCT 15, 2014  
Vulnerability Type: Open Redirect [CWE-601]  
CVE Reference: CVE-2014-7292  
Risk Level: Low  
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]  
  
  
  
  
Advisory Details:  
  
Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.  
  
  
dasBlog supports a feature called Click-Through which basically tracks all  
links clicked inside your blog posts. It's a nice feature that allows the  
blogger to stay informed what kind of content readers like. If  
Click-Through is turned on, all URLs inside blog entries will be replaced  
with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded  
original URL> which of course breaks WebSnapr previews.  
  
  
Web.config code:  
<add verb="*" path="ct.ashx"  
type="newtelligence.DasBlog.Web.Services.ClickThroughHandler,  
newtelligence.DasBlog.Web.Services"/>  
  
  
(1) The vulnerability occurs at "ct.ashx?" page, with "&url" parameter.  
  
  
  
Solutions:  
2014-10-15 Public disclosure with self-written patch.  
  
  
  
  
References:  
http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/  
https://searchcode.com/codesearch/view/8710666/  
https://www.microsoft.com/web/gallery/dasblog.aspx  
https://dasblog.codeplex.com/releases/view/86033  
http://cwe.mitre.org  
http://cve.mitre.org/  
  
  
`