CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Web Application Zero Day Bug
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a 1.0b1 1.0b2
Tested Version: 0.5.2a 1.0b1 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9559
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Advisory Details:
(1) Vendor & Product Description
Vendor:
SnipSnap
Product & Version:
SnipSnap
0.5.2a
1.0b1
1.0b2
Vendor URL & Download:
Product Description:
“SnipSnap is a user friendly content management system with features such as wiki and weblog. “
(2) Vulnerability Details:
Snipsnap
web application has a computer security problem. Hackers can exploit it
by XSS cyber attacks. This may allow a remote attacker to create a
specially crafted request that would execute arbitrary script code in a
user's browser session within the trust relationship between their
browser and the server.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Snipsnap has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Snipsnap has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.
(2.1) The code flaw occurs at “snipsnap-search?” page with “query” parameter.
References:
http://seclists.org/
http://computerobsess.blogspot.com/2015/02/cve-2014-9559-snipsnap-xss-cross-site.html
http://computerobsess.blogspot.com/2015/02/cve-2014-9559-snipsnap-xss-cross-site.html
http://tetraph.com/security/
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01639.html
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01639.html
No comments:
Post a Comment