| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2005-2523 | 19 Aug 2005 04:00 | – | cve |
| CVE-2005-2523 | 19 Aug 2005 04:00 | – | cvelist |
| EUVD-2005-2524 | 7 Oct 2025 00:30 | – | euvd |
| Mac OS X Multiple Vulnerabilities (Security Update 2005-007) | 18 Aug 2005 00:00 | – | nessus |
| CVE-2005-2523 | 19 Aug 2005 04:00 | – | nvd |
| CVE-2005-2523 | 21 May 2025 21:12 | – | redhatcve |
| [Full-disclosure] Apple Mac Tiger 10.4 weblog server | 16 Aug 2005 00:00 | – | securityvulns |
`------------------------------------------------------------
- EXPL-A-2005-010 exploitlabs.com Advisory 039 -
------------------------------------------------------------
- Mac OSX Server weblog -
AFFECTED PRODUCTS
=================
Mac OSX 10.4.0 Weblog Server
http://apple.com
OVERVIEW
========
Weblog Server simplifies the publication of Weblogs.
It provides users with the ability to publish and syndicate
their Web content using existing Web browsers, including
Apple's own Safari software. Features include calendar-based
navigation, user and group blogs and HTML, RSS, RSS2, RDF
and ATOM protocols, as well as "Apple-designed blog themes."
Weblog Server can also integrate with Open Directory, LDAP
and access control lists for authentication.
DETAILS
=======
1. XSS
Mac Server weblog comments do not properly filter
malicious script content. XSS may be inserted in the
author and comment body sections. The malicious script
is then rendered upon visitation and executed in the
context of the user's browser.
http://[host]:16080/weblog/[bloguser]/?permalink=[blogentry]&page=comments
POC
===
1.
------
input malicious script into author and comment sections in
the comment option on the weblog.
eg:<SCRIPT>alert(document.cookie);</SCRIPT> [cookie theft]
eg:<iframe src="http://somesite.com"></iframe> [redirect]
http://[host]:16080/weblog/[bloguser]/?permalink=[blogentry]&comment=y&page=comments&category=%2F&author=[script]&authorEmail=&authorURL=&commentText=[script]&submit=Submit+Comment
SOLUTION:
=========
vendor contact:
[email protected] June 11, 2005
patch released:
Weblog Server
CVE-ID: CAN-2005-2523
Available for: Mac OS X Server v10.4.2
patch available:
http://www.apple.com/support/downloads/securityupdate2005007macosx1042server.html
Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs
Donnie Werner
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org
original:
http://exploitlabs.com/files/advisories/EXPL-A-2005-010-mac-weblog.txt
`
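The fix for this class of bug is to encode the author and comment fields at output time. The sketch below is an added example, not Apple's patch and not code from the advisory; the function names and the comment markup are assumptions made for illustration. It renders the advisory's two POC strings through an unencoded template and through an encoding one.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input: the two payload strings quoted in the advisory's POC.
SAMPLES = [
    "<SCRIPT>alert(document.cookie);</SCRIPT>",
    '<iframe src="http://somesite.com"></iframe>',
]

def render_comment_unsafe(author, author_url, text):
    """The flaw described above: fields are interpolated into markup as-is."""
    return (f'<div class="comment"><a href="{author_url}">{author}</a>'
            f"<p>{text}</p></div>")

def safe_href(url):
    """Allow only absolute http(s) links; anything else collapses to '#'."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "#"
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return html.escape(url, quote=True)
    return "#"

def render_comment_safe(author, author_url, text):
    """Encode every user-supplied field for the HTML context it lands in."""
    return (
        '<div class="comment">'
        f'<a href="{safe_href(author_url)}" rel="nofollow">'
        f"{html.escape(author, quote=True)}</a>"
        f"<p>{html.escape(text, quote=True)}</p>"
        "</div>"
    )

def contains_live_markup(rendered, payload):
    """True if the submitted string reached the page byte-for-byte."""
    return payload in rendered

if __name__ == "__main__":
    for p in SAMPLES:
        unsafe = render_comment_unsafe(p, "", p)
        safe = render_comment_safe(p, "", p)
        print("unsafe keeps markup:", contains_live_markup(unsafe, p),
              "| safe keeps markup:", contains_live_markup(safe, p))
```

The author URL is handled separately because it lands in an href attribute, where entity encoding alone does not restrict the URL scheme.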