测试想法

测试需要的功能
技术
是否工作

CVE-2014-9469  vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities


Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: vBulletin Forum

Vendor:vBulletin

Vulnerable Versions: 5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4

Tested Version:5.1.3 4.2.2

Advisory Publication: February 12, 2015

Latest Update:February 26, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9469

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)




Preposition Details:


(1) Vendor & Product Description:

Vendor: 

vBulletin


Product & Version: 

vBulletin Forum

5.1.3   5.0.5   4.2.2   3.8.7   3.6.7   3.6.0   3.5.4


Vendor URL & Download: 

vBulletin can be acquired from here,

https://www.vbulletin.com/purchases/


Product Introduction Overview:

"vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server."


Since the initial release of the vBulletin forum product in 2000, there have been many changes and improvements. Below is a list of the major revisions and some of the changes they introduced. The current production version is 3.8.7, 4.2.2, and 5.1.3.


Simplified site set up and customization

The new Site Builder makes it easier than ever to build and manage a site. Customizable page templates, drag-and-drop configuration and in-line site editing simplify page layout. A variety of design themes can be easily selected.


Dynamic tools for content discovery

Customizable content modules provide enhanced content discovery, engaging users into deeper site visits. The vBulletin search has been re-architected to significantly improve the quality of its results, further facilitating content discovery.


Sleek new UI features activity stream and increased social engagement

Improved social functionality includes groups, new user profiles, comments functionality, an integrated messaging hub, social content curation, real-time updates and more.


Expanded photo and video capabilities

The new interface invites users to quickly post photos and video, expanding content on vBulletin sites. This media is then leveraged by being better integrated with the rest of a site's content. User profiles provide an engaging aggregation of all media posted by them.


Category-leading mobile optimization

The integrated mobile-optimized version ensures smartphone visitors will stay longer and return.


Robust architecture

Improved architecture provides better performance and easier customization

Built-in SEO helps maximize search traffic

Easy-to-use upgrader tool available for vBulletin 3 and 4 sites, plus importer for sites on other forum software"


(2) Vulnerability Details:

vBulletin web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. vBulletion has patched some of them. Gmane (pronounced "mane") is an e-mail to news gateway. It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list's inclusion on the service. It has published suggestions, advisories, solutions related to important vulnerabilities.


(2.1) The programming code flaw occurs at "forum/help" page. Add "hash symbol" first. Then add script at the end of it.






References:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9469

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9469

http://packetstormsecurity.com/files/authors/11270

https://progressive-comp.com/?a=139222176300014&r=1&w=1%E2%80%8B

http://lists.openwall.net/full-disclosure/2015/02/13/3

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01684.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1588

http://seclists.org/fulldisclosure/2015/Feb/49

https://www.facebook.com/permalink.php?story_fbid=880689078636904&id=825031907535955&__mref=message_bubble

http://shellmantis.tumblr.com/post/118777939056/lifegrey-cve-2014-9469-vbulletin-xss#notes

http://www.tetraph.com/blog/xss-vulnerability/cve-2014-9469-vbulletin-xss/

http://testingcode.lofter.com/post/1cd26eb9_6eec951

https://www.facebook.com/permalink.php?story_fbid=661392814005834&id=594347777377005&__mref=message_bubble

http://tetraph.blogspot.com/2015/05/cve-2014-9469-vbulletin-xss-cross-site.html

https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2014-9469-vbulletin-xss/

https://twitter.com/justqdjing/status/598116948245807105

https://www.facebook.com/computersecurities/posts/375780759275383?http://tetraph.lofter.com/post/1cc758e0_6eeac27

https://plus.google.com/102963385033389079817/posts/1ACxSMZYmCS

http://computerobsess.blogspot.com/2015/05/cve-2014-9469-vbulletin-xss-cross-site.html




评论

热度(27)

  1. 點滴的記錄计算机网络技术 转载了此图片
  2. 计算机网络技术白帽子安全 转载了此图片  到 行者路上有風有雨有彩虹
  3. 计算机网络技术白帽子安全 转载了此图片  到 绿意蛙鸣
  4. 计算机网络技术白帽子安全 转载了此图片  到 IT 计算机&信息网络 技术
  5. 计算机网络技术白帽子安全 转载了此图片
  6. 白帽子安全测试想法 转载了此图片  到 竹意
  7. 白帽子安全测试想法 转载了此图片  到 湛天雲海碧波影
  8. 白帽子安全测试想法 转载了此图片  到 文豆 & 文库
  9. 白帽子安全测试想法 转载了此图片