Source: packetstorm | Author: Donnie Werner | ID: PACKETSTORM:39428
History: Aug 17, 2005 - 12:00 a.m.

Exploit Labs Security Advisory 2005.10

packetstormsecurity.com
EPSS: 0.002 (Low), percentile 61.6%

`------------------------------------------------------------  
- EXPL-A-2005-010 exploitlabs.com Advisory 039 -  
------------------------------------------------------------  
- Mac OSX Server weblog -  
  
  
  
  
  
AFFECTED PRODUCTS  
=================  
Mac OSX 10.4.0 Weblog Server  
  
http://apple.com  
  
  
  
OVERVIEW  
========  
Weblog Server simplifies the publication of Weblogs.  
It provides users with the ability to publish and syndicate  
their Web content using existing Web browsers, including  
Apple's own Safari software. Features include calendar-based  
navigation, user and group blogs and HTML, RSS, RSS2, RDF  
and ATOM protocols, as well as "Apple-designed blog themes."  
Weblog Server can also integrate with Open Directory, LDAP  
and access control lists for authentication.  
  
  
  
  
DETAILS  
=======  
1. XSS  
  
Mac Server weblog comments do not properly filter  
malicious script content. XSS may be inserted in the  
author and comment body sections. The malicious script  
is then rendered upon visitation and executed in the  
context of the user's browser.  
  
http://[host]:16080/weblog/[bloguser]/?permalink=[blogentry]&page=comments  
  
  
  
POC  
===  
  
1.  
------  
Input malicious script into the author and comment sections in  
the comment option on the weblog.  
eg:<SCRIPT>alert(document.cookie);</SCRIPT> [cookie theft]  
eg:<iframe src="http://somesite.com"></iframe> [redirect]  
  
  
http://[host]:16080/weblog/[bloguser]/?permalink=[blogentry]&comment=y&page=comments&category=%2F&author=[script]&authorEmail=&authorURL=&commentText=[script]&submit=Submit+Comment  
  
  
SOLUTION:  
=========  
vendor contact:  
[email protected] June 11, 2005  
  
patch released:  
  
Weblog Server  
CVE-ID: CAN-2005-2523  
Available for: Mac OS X Server v10.4.2  
  
patch available:  
http://www.apple.com/support/downloads/securityupdate2005007macosx1042server.html  
  
  
  
  
  
Credits  
=======  
This vulnerability was discovered and researched by  
Donnie Werner of exploitlabs  
  
Donnie Werner  
  
mail: wood at exploitlabs.com  
mail: morning_wood at zone-h.org  
--   
web: http://exploitlabs.com  
web: http://zone-h.org  
  
original:  
http://exploitlabs.com/files/advisories/EXPL-A-2005-010-mac-weblog.txt  
`
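
The advisory's root cause is that the author and commentText fields reach the comments page without output encoding. The block below is an added example, not code from the advisory or from Weblog Server: it renders a comment with and without encoding and checks the result with an HTML parser, the kind of regression test that confirms a fix. The template, function names, and the host, blog user and entry values in the sample URL are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed request in the shape of the advisory's POC URL, carrying the two
# strings the advisory quotes. Host, blog user and entry are placeholders.
POC_URL = ("http://weblog.example:16080/weblog/bloguser/?permalink=entry.html"
           "&comment=y&page=comments&category=%2F"
           "&author=%3CSCRIPT%3Ealert(document.cookie)%3B%3C%2FSCRIPT%3E"
           "&authorEmail=&authorURL="
           "&commentText=%3Ciframe+src%3D%22http%3A%2F%2Fsomesite.com%22%3E%3C%2Fiframe%3E"
           "&submit=Submit+Comment")

TEMPLATE_TAGS = {"div", "b", "p"}  # the only elements the (assumed) template emits


def comment_fields(url):
    """Return the two user-controlled fields the advisory names."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query["author"][0], query["commentText"][0]


def render_unsafe(author, text):
    # Behaviour the advisory describes: fields copied into the page verbatim.
    return f'<div class="comment"><b>{author}</b><p>{text}</p></div>'


def render_safe(author, text):
    # Encode both fields for an HTML text context before they reach the page.
    return (f'<div class="comment"><b>{html.escape(author)}</b>'
            f'<p>{html.escape(text)}</p></div>')


class TagCollector(HTMLParser):
    """Record every element start tag an HTML parser sees in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered):
    """Elements present in the rendered comment that the template did not emit."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS]
```

An empty list from `injected_tags` on the rendered page means the submitted markup was displayed as text rather than parsed as elements.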
