what you don't know can hurt you

Umbraco 4.x Open Proxy

Umbraco 4.x Open Proxy
Posted Apr 6, 2012
Authored by Florent Daigniere | Site trustmatta.com

Vulnerable installations of Umbraco allow unauthenticated users to abuse the script FeedProxy.aspx into proxying requests on their behalf through the "url" parameter.

tags | advisory
advisories | CVE-2012-1301
MD5 | fad2fd3c57028469bc63e5faa4559a02

Umbraco 4.x Open Proxy

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



Matta Consulting - Matta Advisory
https://www.trustmatta.com

Umbraco Open Proxy Vulnerability

Advisory ID: MATTA-2012-001
CVE reference: CVE-2012-1301
Affected platforms: Umbraco
Version: 4.x
Date: 2012-January-26
Security risk: High
Vulnerability: Umbraco bundles a script behaving like an open-proxy
Researcher: Florent Daigniere
Vendor Status: Notified
Vulnerability Disclosure Policy:
https://www.trustmatta.com/advisories/matta-disclosure-policy-01.txt
Permanent URL:
https://www.trustmatta.com/advisories/MATTA-2012-001.txt

=====================================================================
Description:

Vulnerable installations of Umbraco allow unauthenticated users to
abuse the script FeedProxy.aspx into proxying requests on their
behalf through the "url" parameter.

=====================================================================
Impact

Anyone with access to the management interface of umbraco can abuse
FeedProxy script into proxying requests for them.

The impact of such vulnerability is difficult to measure and depends
on the specifics of the deployment. Typically, this can allow
attackers to connect to other systems, bypassing controls or be
abused to trick users and browsers into performing actions they
wouldn't otherwise consider (XSS, phishing, ...).

This particular vulnerability can also be abused to create a powerful
Denial of Service: a single recursive proxy-request will take the
application server down and, depending on the configuration of the
server, might severely affect unrelated services.

=====================================================================
Versions affected:

Umbraco version 4.7.0 tested.

=====================================================================
Threat mitigation

Matta consultants recommend deleting the FeedProxy script or
upgrading umbraco to version 5+.

=====================================================================
Credits

This vulnerability was discovered and researched by Florent Daigniere
from Matta Consulting.

=====================================================================
History

26-01-12 initial discovery
21-02-12 initial attempt to contact the vendor
24-02-12 second attempt to contact the vendor
27-02-12 third attempt to contact the vendor
27-02-12 response from the vendor \o/
27-02-12 draft of this advisory is sent to the vendor
29-02-12 CVE-2012-1301 is assigned
05-04-12 publication of the advisory

=====================================================================
About Matta

Matta is a privately held company with Headquarters in London, and a
European office in Amsterdam. Established in 2001, Matta operates
in Europe, Asia, the Middle East and North America using a respected
team of senior consultants. Matta is an accredited provider of
Tiger Scheme training; conducts regular research and is the developer
behind the webcheck application scanner, and colossus network scanner.

https://www.trustmatta.com
https://www.trustmatta.com/training.html
https://www.trustmatta.com/webapp_va.html
https://www.trustmatta.com/network_va.html

=====================================================================
Disclaimer and Copyright

Copyright (c) 2012 Matta Consulting Limited. All rights reserved.
This advisory may be distributed as long as its distribution is
free-of-charge and proper credit is given.

The information provided in this advisory is provided "as is" without
warranty of any kind. Matta Consulting disclaims all warranties, either
express or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall Matta Consulting or
its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or
special damages, even if Matta Consulting or its suppliers have been
advised of the possibility of such damages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJPfWvwAAoJEG6QUCsisixssyUH/3R6+ziOQBHR9UKiNXfCnGz6
aR6h7tribWMskEb2t6RXGoEB4BS2upnzIqHYz15VbaOCHA3Gs3oUYvvsaQunf+bu
taYuuDW4dHEoHnuTHrcLELmczRDmg0hAnyYaE1oizQikUgnSWJ1zeqTxdh6PH3vi
cXrduM7mBZl2dJpIEOCCDspqxAMkv+qostOBQwW3xlLDKE+eyD+DzwMzWBU9WRXQ
dT6X8tp2MQb4Ut5sp8NOeq5mQlCjFpEMp3XZtekEDofMd3vH0V+1QRwOOZ3an+u1
VOAOIN+1KzRuIPHAH0XUKz07OQOUhD1DGPqFl+Hajk2XO0zh5X7Y0uVQ9KLp8C0=
=rBjG
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close