Date: Mon, 15 Oct 2012 00:38:38 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: full-disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com>, secalert@...urityreason.com, bugs@...uritytracker.com, vuln <vuln@...unia.com>, vuln@...urity.nnov.ru, news@...uriteam.com, moderators@...db.org, submissions@...ketstormsecurity.org, submit@...ecurity.com, oss-security@...ts.openwall.com Subject: SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection 1. OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by programmers but does not get in the way of content authors. 3. VULNERABILITY DESCRIPTION SilverStripe CMS contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "BackURL" parameter upon submission to the "/index.php/Security/login" script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. 4. VERSIONS AFFECTED Tested on 2.4.7 5. PROOF-OF-CONCEPT/EXPLOIT http://localhost/index.php/Security/login?BackURL=//yehg.net 6. SOLUTION Upgrade to the latest 3.x version. 7. VENDOR SilverStripe Development Team http://www.silverstripe.org/ 8. CREDIT This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2012-02-06: notified vendor 2012-10-15: vulnerability disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5BSilverStripe_2.4.7%5D_url_redirection #yehg [2012-10-15] --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.