CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS

Product: TennisConnect COMPONENTS System

Vendor: TennisConnect

Vulnerable Versions: 9.927

Tested Version: 9.927

Advisory Publication: Nov 18, 2014

Latest Update: Nov 18, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8490

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:

http://www.tennisconnect.com/products.cfm#Components

 

Product Description:

TennisConnect COMPONENTS

* Contact Manager (online player database)

* Interactive Calendar including online enrollment

* League & Ladder Management through Tencap Tennis

* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)

* Multi-Administrator / security system with Page Groups

* Member Administration

* MobileBuilder

* Online Tennis Court Scheduler

* Player Matching (Find-a-Game)

* Web Site Builder (hosted web site and editing tools at www. your domain name .com)

 

 

(2) Vulnerability Details.

TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.

(2.1) The vulnerability occurs at “/index.cfm?” page, with “&pid” parameter.

 

 

 

 


References:

http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html

http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490

http://www.osvdb.org/show/osvdb/116149

http://cve.scap.org.cn/CVE-2014-8490.html

http://en.hackdig.com/?11701.htm

http://itsecurity.lofter.com/

http://seclists.org/fulldisclosure/2014/Dec/83

http://securitypost.tumblr.com/

http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/

http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#

http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
 

 



CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

 

 

Advisory Details:

 

(1) Vendor URL:
Product Description:
“The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users’ site, but streamed from the YouTube servers.”

 

(2) Vulnerability Details.
JCE-Tech “Video Niche Script” has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “view.php” page with “video”, “title” parameter.

 

 

 

 

References:

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-7293  NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

(1)Vendor URL:

Product Description:

“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”

“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”

(2) Vulnerability Details:

NYU OpenSSO Integration has a security problem. It can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,

 

 

 

References:

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9561  Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by XSS Attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

 

 

References:

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9560

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by SQL Injection attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References:

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

 

Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: WebPress
Vendor: goYWP
Vulnerable Versions: 13.00.06
Tested Version: 13.00.06
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8751
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:
(1) Product
“WebPress is the foundation on which we build web sites. It’s our unique Content Management System (CMS), flexible enough for us to build your dream site, and easy enough for you to maintain it yourself.”

 

(2) Vulnerability Details:
goYWP WebPress has a security problem. It is vulnerable to XSS attacks.
(2.1) The first security vulnerability occurs at “/search.php” page with “&search_param” parameter in HTTP GET.
(2.2) The second security vulnerability occurs at “/forms.php” (form submission ) page with “&name”, “&address” “&comment” parameters in HTTP POST.

 

References:

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: Springshare LibCal Multiple XSS (Cross-Site Scripting) Vulnerability

Product: LibCal

Vendor: Springshare

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: Nov 25, 2014

Latest Update: Nov 25, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7291

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Solution Status: Fixed by Vendor

Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

 

 

 

 

 

Advisory Details

(1) Product:

“Springshare LibCal is an easy to use calendaring and event management platform for libraries. Used by 1,600+ libraries worldwide.”

 

 

(2) Vulnerability Details:

Springshare LibCal has a security problem. It is vulnerable to XSS attacks.

The XSS vulnerabilities occur at “/api_events.php?” page, with “&m” and “&cid” parameters.

 

 

(3) Solutions:

2014-10-01: Report vulnerability to Vendor

2014-10-15: Vendor replied with thanks and vendor changed the source code

 

 

 

 

 

References:

CNN cnn.com ADS Open Redirect Security Vulnerability

CNN cnn.com ADS Open Redirect Security Vulnerability 



Domain:
Based on news published, CNN users were hacked by both Open Redirect vulnerability in 2007.
According to E Hacker News on June 06, 2013, (@BreakTheSec) came across a diet spam campaign that leverages the open redirect vulnerability in one of the top News organization CNN.
“The tweet apparently shows cyber criminals managed to leverage the open redirect security flaw in the CNN to redirect twitter users to the Diet spam websites.” (E hacker News)

After the attack, CNN takes measures to detect Open Redirect vulnerabilities. The measure is quite good during the tests. Almost no links are vulnerable to Open Redirect attack on CNN’s website, now. It takes long time to find a new Open Redirect vulnerability that is un-patched on its website.

 

 

 
 
 
 
Vulnerability Description:
CNN has a security problem. It is vulnerable to Open Redirect attacks.
The vulnerability occurs at “http://ads.cnn.com/event.ng” page with “&Redirect” parameter, i.e.
The vulnerability can be attacked without user login. Tests were performed on Chrome 32 in Windows 8 and Safari 6.16 in Mac OS X v10.7.

 

(1) Use the following tests to illustrate the scenario painted above.
The redirected webpage address is “http://www.tetraph.com/blog“. Suppose that this webpage is malicious.
Vulnerable URL:
POC:

(2) Poc Video:

Those vulnerabilities were reported to CNN in early July by Contact from Here.
http://edition.cnn.com/feedback/#cnn_FBKCNN_com

 

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks 



Domain Description:
“According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership.” (en.Wikipedia.org)

Vulnerability description:
The vulnerability occurs at Indiatimes’s URL links. Indiatimes only filter part of the filenames in its website. All URLs under Indiatimes’s “photogallery” and “top-llists” topics are affected.
Indiatimes uses part of the links under “photogallery” and “top-llists” topics to construct its website content without any checking of those links at all. This mistake is very popular in nowaday websites. Developer is not security expert.
The vulnerability can be attacked without user login. Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0. 7601) in Windows 7.





POC Codes:
http://www.indiatimes.com/photogallery/“><img src=x onerror=prompt(‘justqdjing’)>
http://www.indiatimes.com/top-lists/“><img src=x onerror=prompt(‘justqdjing’)>
http://www.indiatimes.com/photogallery/lifestyle/“><img src=x onerror=prompt(‘justqdjing’)>
http://www.indiatimes.com/top-lists/technology/“><img src=x onerror=prompt(‘justqdjing’)>




POC Video:
The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.
Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.

Related Articles:
http://www.techworm.net/2014/12/times-india-website-vulnerable-cross-site-scripting-xss-attacks.html
http://seclists.org/fulldisclosure/2014/Nov/91
http://www.tetraph.com/blog/web-security/times-of-india-website-vulnerable-to-cross-site-scripting-xss-attacks/
https://cxsecurity.com/issue/WLB-2014120004
http://vulnerabilitypost.wordpress.com/2014/12/04/all-links-in-two-topics-of-indiatimes-indiatimes-com-are-vulnerable-to-xss-cross-site-scripting-attacks/
http://whitehatpost.blog.163.com/blog/static/2422320542014114750445/#
http://user.qzone.qq.com/2519094351/blog/1417685447

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

 

Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: URL Redirection to Untrusted Site [CWE-601]
CVE Reference: CVE-2014-8489
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

 

Advisory Details

 

(1) Product:
“PingFederate is a best-of-breed Internet-identity security platform that implements multiple standards-based protocols to provide cross-domain single sign-on (SSO) and user-attribute exchange, as well as support for identity-enabled Web Services and cross-domain user provisioning.”

 

(2) Vulnerability Details:
PingFederate 6.10.1 SP Endpoints is vulnerable to Dest Redirect Privilege Escalation attacks.
The security vulnerability occurs at “/startSSO.ping?” page with “&TargetResource” parameter.

 

References: