MyST BlogSite suffers from arbitrary URL redirection and information leakage vulnerabilities.
dd0ed1a7586c2c7a527c787f0f9809a44eb89174113c053def2f34d5f65d472f===============================
MyST BlogSite | Multiple Vulnerabilities
===============================
1. VULNERABILITY DESCRIPTION
--> Issue Title: Arbitrary URL Redirect
Component: MyST BlogSite ClickDirector
Ref: OWASP - Top 10 - 2010 - A10
Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
Proof-Of-Concept:
http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/
[FIXED]
--> Issue Title: Information Leakage
Ref: WASC-13
Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage
This could be used to brute force (http://blogsite.com/login)
Proof-Of-Concept:
http://blogsite.com/public/mostl/1
http://blogsite.com/public/mostl/2
http://blogsite.com/public/my-account/1
http://blogsite.com/public/my-account/2
http://blogsite.com/public/object/1
http://blogsite.com/public/object/2
http://blogsite.com/public/object/3
--> Issue Title: Arbitrary Text Insertion
This could be used to deliver defamatory message to unaware users.
Proof-of-Concept:
http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned!
2. VENDOR
MyST Technology Partners, Inc.
http://myst-technology.com/
4. DISCLOSURE TIME-LINE
2011-04-17: reported vendor
2011-07-16: vulnerability found unfixed
2011-07-16: vulnerability disclosed
5. REFERENCES
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07
#yehg [2011-07-16]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed