Message-ID: <RMOBILEE78AWQTaMVc900000001@rmobile>
Date: Fri, 6 Feb 2004 14:20:29 +0200
From: "Ferruh Mavituna" <ferruh@...ituna.com>
To: <bugtraq@...urityfocus.com>
Subject: Dotnetnuke Multiple Vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------
DOTNETNUKE MULTIPLE VULNERABILITIES
- - ------------------------------------------------------
Online URL : http://ferruh.mavituna.com/?429 

1) Source Code & File Access;
Severity : Highly Critical

2) XSS (Cross Site Scripting);
Severity : Low Critical


- - ------------------------------------------------------
ABOUT DOTNETNUKE;
- - ------------------------------------------------------
ASP.NET, Open Source Web Portal Application.

URL & Demo & Source Code Download ;
http://www.dotnetnuke.com/


Developer Description;
DotNetNuke ( formerly known as the IBuySpy Workshop ) is an automated
content management system specifically designed to be used in
Intranet and Internet deployments. The Administrator has total
control of their web portal, membership, and has a powerful set of
tools to maintain a dynamic and 100% interactive data-driven web
site. 


- - ------------------------------------------------------
VULNERABLE;
- - ------------------------------------------------------
Any version of DotNetNuke from version 1.0.6 to 1.0.10d 


- - ------------------------------------------------------
NOT VULNERABLE;
- - ------------------------------------------------------
DotNetNuke 1.0.10e

- - ------------------------------------------------------
1) SOURCE CODE & FILE ACCESS;
- - ------------------------------------------------------
This one is the biggest problem. Anyone can download files and source
code with a simple GET request.

! Proof of concept code removed because of the possible serious
damage. [Vendor informed with required proofs of concept]


- - ------------------------------------------------------
2) XSS (Cross Site Scripting);
- - ------------------------------------------------------
An attacker can steal an active session and, through the "Remember
Login" feature, log in as another user at any time.

	------------------------------------------------------
	Details;
	------------------------------------------------------
	PAGE : http://[VICTIM]/EditModule.aspx?tabid=510&def=Register
	Input values need to be encoded.




- - ------------------------------------------------------
HOW TO PATCH [provided by vendor];
- - ------------------------------------------------------
Online URL :
http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=456107
Also required information attached.


- - ------------------------------------------------------
FINAL WORDS;
- - ------------------------------------------------------
Also, other pages look like they have some similar security problems.
And I want to thank the whole DotNetNuke team; they fixed the problems
quickly.



- - -----------------------------------------------------
HISTORY;
- - ------------------------------------------------------
Discovered: 12.12.2003
Vendor Informed: 30.01.2004
Published: 28.01.2004

- - ------------------------------------------------------
Vendor Status;
- - ------------------------------------------------------
Quickly answered and fixed.


Ferruh Mavituna
Web Application Security Specialist
http://ferruh.mavituna.com
ferruh@...ituna.com


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQCOGgTL0QoVzo2STEQKpbQCgghJMYBcyxFjL3BuYM9AYCSAZzAwAn1hF
TXQQbATmKndanAXaOx8jfedA
=Khhg
-----END PGP SIGNATURE-----


