Ektron CMS400.NET Multiple Security Vulnerabilities
BID:39679
Info
Ektron CMS400.NET Multiple Security Vulnerabilities
| Bugtraq ID: | 39679 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2010 12:00AM |
| Updated: | Apr 26 2010 04:32PM |
| Credit: | Richard Moore and Rohan Stelling |
| Vulnerable: |
Ektron Inc. CMS400.NET 7.5.2 49 |
| Not Vulnerable: | |
Discussion
Ektron CMS400.NET Multiple Security Vulnerabilities
Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a security-bypass issue, and a URI redirection issue.
Attackers can leverage these issues to bypass authentication mechanisms, execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, obtain sensitive information, bypass certain security restrictions, and redirect a user to a potentially malicious site; other attacks are also possible.
Ektron CMS400.NET 7.5.2.49 is affected; other versions may also be vulnerable.
Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a security-bypass issue, and a URI redirection issue.
Attackers can leverage these issues to bypass authentication mechanisms, execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, obtain sensitive information, bypass certain security restrictions, and redirect a user to a potentially malicious site; other attacks are also possible.
Ektron CMS400.NET 7.5.2.49 is affected; other versions may also be vulnerable.
Exploit / POC
Ektron CMS400.NET Multiple Security Vulnerabilities
Attackers can exploit these issues using a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim into following a URI.
The following example URIs are available:
Cross-Site Scripting issue:
http://www.example.com/WorkArea/reterror.aspx?info=<script>alert('vulnerable')</script>
http://www.example.com/workarea/medialist.aspx?action=ViewLibraryByCategory&selectids='; alert('Vulnerable');//
URI Redirection issue:
http://www.example.com/workarea/blankredirect.aspx?http://www.example2.com
Attackers can exploit these issues using a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim into following a URI.
The following example URIs are available:
Cross-Site Scripting issue:
http://www.example.com/WorkArea/reterror.aspx?info=<script>alert('vulnerable')</script>
http://www.example.com/workarea/medialist.aspx?action=ViewLibraryByCategory&selectids='; alert('Vulnerable');//
URI Redirection issue:
http://www.example.com/workarea/blankredirect.aspx?http://www.example2.com
Solution / Fix
Ektron CMS400.NET Multiple Security Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].