Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJing WangPACKETSTORM:131455
HistoryApr 16, 2015 - 12:00 a.m.

Opoint Media Intelligence Open Redirect

2015-04-1600:00:00
Jing Wang
packetstormsecurity.com
37
JSON
`*Opoint Media Intelligence Unvalidated Redirects and Forwards (URL  
Redirection) Security Vulnerabilities*  
  
  
Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL  
Redirection Security Vulnerabilities  
Vendor: Opoint  
Product: Opoint Media Intelligence  
Vulnerable Versions:  
Tested Version:  
Advisory Publication: April 14, 2015  
Latest Update: April 14, 2015  
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect')  
[CWE-601]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)  
Impact Subscore: 4.9  
Exploitability Subscore: 8.6  
Discover and Writer: Wang Jing [Mathematics, Nanyang Technological  
University (NTU), Singapore]  
  
  
  
  
  
  
  
*Suggestion Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
Opoint  
  
  
  
*Product & Vulnerable Version:*  
Opoint Media Intelligence  
  
  
  
*Vendor URL & Download*:  
Opoint Media Intelligence can be got from here,  
http://www.opoint.com/index.php?page=home  
  
  
  
  
*Product Introduction Overview:*  
"Today, some libraries want to enhance their online presence in ways that  
go beyond the traditional OPAC and the "library portal" model to better  
integrate the latest Web functionality. With Opoint Media Intelligence,  
libraries will be able to take advantage of the latest Web technologies and  
engage Web-savvy users more effectively than ever before. Opoint Media  
Intelligence is a complete update of the Web OPAC interface"  
  
"Opoint Media Intelligence breaks through the functional and design  
limitations of the traditional online catalog. Its solid technology  
framework supports tools for patron access such as Spell Check; integrated  
Really Simple Syndication (RSS) feeds; a suite of products for seamless  
Campus Computing; and deep control over information content and  
presentation with Cascading Style Sheets (CSS). Opoint Media Intelligence  
is also a platform for participation when integrated with Innovative's  
Patron Ratings features and Community Reviews product. What's more, with  
Opoint Media Intelligence's RightResult™ search technology, the most  
relevant materials display at the top so patrons get to the specific items  
or topics they want to explore immediately. Opoint Media Intelligence can  
also interconnect with Innovative's discovery services platform, Encore.  
And for elegant access through Blackberry® Storm™ or iPhone™, the AirPAC  
provides catalog searching, item requesting, and more."  
  
  
  
  
  
*(2) Vulnerability Details:*  
Opoint Media Intelligence web application has a security bug problem. It  
can be exploited by Unvalidated Redirects and Forwards (URL Redirection)  
attacks. This could allow a user to create a specially crafted URL, that if  
clicked, would redirect a victim from the intended legitimate web site to  
an arbitrary web site of the attacker's choosing. Such attacks are useful  
as the crafted URL initially appear to be a web page of a trusted site.  
This could be leveraged to direct an unsuspecting user to a web page  
containing attacks that target client side software such as a web browser  
or document rendering programs.  
  
Other Opoint products 0day vulnerabilities have been found by some other  
bug hunter researchers before. Opoint has patched some of them. Web  
Security Watch is an aggregator of security reports coming from various  
sources. It aims to provide a single point of tracking for all publicly  
disclosed security issues that matter. "Its unique tagging system enables  
you to see a relevant set of tags associated with each security alert for a  
quick overview of the affected products. What's more, you can now subscribe  
to an RSS feed containing the specific tags that you are interested in -  
you will then only receive alerts related to those tags." It has published  
suggestions, advisories, solutions details related to Open Redirect  
vulnerabilities.  
  
  
  
*(2.1)* The first code programming flaw occurs at "func/click.php?" page  
with "&noblink" parameter.  
  
  
  
  
  
  
  
*References:*  
http://tetraph.com/security/open-redirect/opoint-media-intelligence-unvalidated-redirects-and-forwards/  
http://securityrelated.blogspot.com/2015/04/opoint-media-intelligence-unvalidated.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/opoint-media-intelligence-open-redirect/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/opoint-media-intelligence-open-redirect/  
https://computerpitch.wordpress.com/2015/04/14/opoint-media-intelligence-open-redirect/  
http://www.iedb.ir/author-Wang%20Jing.html  
http://www.websecuritywatch.com/open-redirect-vulnerability-in-wordpress-newsletter-2-6-x-2-5-x/  
http://lists.openwall.net/full-disclosure/2015/03/02/7  
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1646  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`
JSON