CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Tested Version: v4.1.3 v4.1.1 v4.1.2
Advisory Publication: February 18, 2015
Latest Update: April 05, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Preposition Details:
(1) Vendor & Product Description:
Vendor:
InstantASP
Product & Version:
InstantForum.NET
v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Vendor URL & Download:
InstantForum.NET can be purchased from here,
Product Introduction Overview:
“InstantForum.NET
is a feature rich, ultra high performance ASP.NET & SQL Server
discussion forum solution designed to meet the needs of the most
demanding online communities or internal collaboration environments. Now
in the forth generation, InstantForum.NET has been completely rewritten
from the ground-up over several months to introduce some truly unique
features & performance enhancements."
"The
new administrator control panel now offers the most comprehensive
control panel available for any ASP.NET based forum today. Advanced
security features such as role based permissions and our unique
Permission Sets feature provides unparalleled configurable control over
the content and features that are available to your users within the
forum. Moderators can easily be assigned to specific forums with
dedicated moderator privileges for each forum. Bulk moderation options
ensure even the busiest forums can be managed effectively by your
moderators."
"The
forums template driven skinning architecture offers complete
customization support. Each skin can be customized to support a
completely unique layout or visual appearance. A single central style
sheet controls every aspect of a skins appearance. The use of unique
HTML wrappers and ASP.NET 1.1 master pages ensures page designers can
easily integrate an existing design around the forum. Skins, wrappers
& master page templates can be applied globally to all forums or to
any specific forum."
(2) Vulnerability Details:
InstantForum.NET web
application has a cyber security bug problem. It can be exploited by
stored XSS attacks. This may allow a remote attacker to create a
specially crafted request that would execute arbitrary script code in a
user's browser session within the trust relationship between their
browser and the server.
Several
other similar products 0-day vulnerabilities have been found by some
other bug hunter researchers before. InstantForum has patched some of
them. BugScan is the first community-based scanner, experienced five
code refactoring. It has redefined the concept of the scanner provides
sources for the latest info-sec news, tools, and advisories. It also
publishs suggestions, advisories, cyber intelligence, attack defense and
solutions details related to important vulnerabilities.
(2.1) The first programming code flaw occurs at "&SessionID" parameter in “Join.aspx?” page.
(2.2) The second programming code flaw occurs at "&SessionID" parameter in “Logon.aspx?” page.
