=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION --> Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link: https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards Proof-Of-Concept: http://blogsite.com/public/click/~sites/attacker.in/malware_exists_in_this_page/ http://blog.cenzic.com/public/click/~sites/attacker.in/malware_exists_in_this_page/ [FIXED] --> Issue Title: Information Leakage Ref: WASC-13 Ref-Link: http://projects.webappsec.org/w/page/13246936/Information-Leakage This could be used to brute force (http://blogsite.com/login) Proof-Of-Concept: http://blogsite.com/public/mostl/1 http://blogsite.com/public/mostl/2 http://blogsite.com/public/my-account/1 http://blogsite.com/public/my-account/2 http://blogsite.com/public/object/1 http://blogsite.com/public/object/2 http://blogsite.com/public/object/3 --> Issue Title: Arbitrary Text Insertion This could be used to deliver defamatory message to unaware users. Proof-of-Concept: http://blogsite.com/public/mostl-action/1?action=Browse&text=This%20blog%20was%200wned! 2. VENDOR MyST Technology Partners, Inc. http://myst-technology.com/ 4. DISCLOSURE TIME-LINE 2011-04-17: reported vendor 2011-07-16: vulnerability found unfixed 2011-07-16: vulnerability disclosed 5. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[MyST_BlogSite]_vulnerabilities_2011-07 #yehg [2011-07-16] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/