DotNetNuke Cross Site Scripting and Security Bypass Vulnerabilities
BID:51858
Info
| Bugtraq ID: | 51858 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2012 12:00AM |
| Updated: | Feb 03 2012 12:00AM |
| Credit: | Brandon Haynes; Richard Lundeen of Microsoft and Microsoft Vulnerability Research (MSVR); Mark Litchfield, NGSSecure |
| Vulnerable: | DotNetNuke 6.0.2, DotNetNuke 6.0.1, DotNetNuke 6.1.2, DotNetNuke 6.1.0, DotNetNuke 6.0, DotNetNuke 5.6.7 |
| Not Vulnerable: | DotNetNuke 6.1.3, DotNetNuke 5.6.8 |
Discussion
DotNetNuke is prone to the following vulnerabilities:
1. Multiple security-bypass vulnerabilities.
2. A cross-site scripting vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
Exploit / POC
Attackers can use a browser to exploit these issues.
References
- DotNetNuke HomePage (DotNetNuke)
- Non-approved users can access user and role functions (Mark Litchfield)
- Potential XSS issue via modal popups (Richard Lundeen)
- Radeditor provider function could confirm the existence of a file (Brandon Haynes)