lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 16 Jul 2011 17:10:35 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: MyST BlogSite | Multiple Vulnerabilities

===============================
MyST BlogSite | Multiple Vulnerabilities
===============================


1. VULNERABILITY DESCRIPTION


--> Issue Title: Arbitrary URL Redirect
Component: MyST BlogSite ClickDirector

Ref: OWASP - Top 10 - 2010 - A10
Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards

Proof-Of-Concept:
http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
[FIXED]


--> Issue Title: Information Leakage	
Ref: WASC-13
Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage

This could be used to brute force (http://blogsite.com/login)

Proof-Of-Concept:
http://blogsite.com/public/mostl/1
http://blogsite.com/public/mostl/2
http://blogsite.com/public/my-account/1
http://blogsite.com/public/my-account/2
http://blogsite.com/public/object/1
http://blogsite.com/public/object/2
http://blogsite.com/public/object/3


--> Issue Title: Arbitrary Text Insertion

This could be used to deliver defamatory message to unaware users.

Proof-of-Concept:
http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned!



2. VENDOR

MyST Technology Partners, Inc.
http://myst-technology.com/


4. DISCLOSURE TIME-LINE

2011-04-17: reported vendor
2011-07-16: vulnerability found unfixed
2011-07-16: vulnerability disclosed	


5. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07

#yehg [2011-07-16]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ