注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

Tetraph 的博客

IT 计算机网络信息安全技术 数学 统计 云计算 安全漏洞 日常随笔 散文 音乐

 
 
 

日志

 
 

VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug  

2015-09-25 14:51:30|  分类: XSS 漏洞 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug

 

Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability

Product: VuFind

Vendor: VuFind

Vulnerable Versions: 1.0

Tested Version: 1.0

Advisory Publication: September 20, 2015

Latest Update: September 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)



 

vufind xss - tetraph - Tetraph  的博客
 



vufind xss - tetraph - Tetraph  的博客
 





Caution Details:

 

(1) Vendor & Product Description:



Vendor:

VuFind

 

Product & Vulnerable Versions:

VuFind

1.0

 

Vendor URL & Download:

Product can be obtained from here,
http://sourceforge.net/p/vufind/news/

 

Product Introduction Overview:

"VuFind is a library resource portal designed and developed for libraries by libraries. The goal of VuFind is to enable your users to search and browse through all of your library's resources by replacing the traditional OPAC to include: Catalog Records, Locally Cached Journals, Digital Library Items, Institutional Repository, Institutional Bibliography, Other Library Collections and Resources. VuFind is completely modular so you can implement just the basic system, or all of the components. And since it's open source, you can modify the modules to best fit your need or you can add new modules to extend your resource offerings. VuFind runs on Solr Energy. Apache Solr, an open source search engine, offers amazing performance and scalability to allow for VuFind to respond to search queries in milliseconds time. It has the ability to be distributed if you need to spread the load of the catalog over many servers or in a server farm environment. VuFind is offered for free through the GPL open source license. This means that you can use the software for free. You can modify the software and share your successes with the community! Take a look at our VuFind Installations Wiki page to see how a variety of organizations have taken advantage of VuFind's flexibility. If you are already using VuFind, feel free to edit the page and share your accomplishments. "

 

 

 

(2) Vulnerability Details:

VuFind web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug researchers before. VuFind has patched some of them. "scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training".

 

(2.1) The code flaw occurs at "lookfor?" parameter in "/vufind/Resource/Results?" page.

 

Some other researcher has reported a similar vulnerability here and VuFind has patched it.
https://vufind.org/jira/si/jira.issueviews:issue-html/VUFIND-54/VUFIND-54.html

 

 

 

(3) Solution:

Update to new version.

 

 

 

 

References:
http://tetraph.com/security/xss-vulnerability/vufind-xss/
http://securityrelated.blogspot.com/2015/09/vufind-xss.html
https://vulnerabilitypost.wordpress.com/2015/09/22/vufind-xss/
http://tetraph.blog.163.com/blog/static/234603051201582525130175/
https://packetstormsecurity.com/files/133374/Winmail-Server-4.2-Cross-Site-Scripting.html
http://marc.info/?l=oss-security&m=144094021709472&w=4
http://lists.openwall.net/full-disclosure/2015/08/31/2
http://ithut.tumblr.com/post/128012509383/webcabinet-winmail-server-42-reflected-xss
http://seclists.org/fulldisclosure/2015/Aug/84
http://lists.openwall.net/full-disclosure/2015/08/31/2

  评论这张
 
阅读(128)| 评论(0)
推荐 转载

历史上的今天

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017