CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities

101770458-497953315.530x298

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities



Exploit Title: CVE-2015-2349 – SuperWebMailer /defaultnewsletter.php” HTMLForm Parameter XSS Web Security Vulnerabilities

Product: SuperWebMailer

Vendor: SuperWebMailer

Vulnerable Versions: 5.*.0.*   4.*.0.*

Tested Version: 5.*.0.*   4.*.0.*

Advisory Publication: March 11, 2015

Latest Update: May 03, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2015-2349

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Author and Creditor: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Information Details:



(1) Vendor & Product Description:



Vendor:

SuperWebMailer




Product & Vulnerable Versions:

SuperWebMailer

5.60.0.01190

5.50.0.01160

5.40.0.01145

5.30.0.01123

5.20.0.01113

5.10.0.00982

5.05.0.00970

5.02.0.00965

5.00.0.00962

4.50.0.00930

4.40.0.00917

4.31.0.00914

4.30.0.00907

4.20.0.00892

4.10.0.00875



Vendor URL & Download:

SuperWebMailer can be gained from here,

http://www.superwebmailer.de/




Product Introduction Overview:

“Super webmail is a web-based PHP Newsletter Software. The web-based PHP Newsletter Software Super webmail is the optimal solution for the implementation of a successful e-mail marketing.”


“To use the online PHP Newsletter Script is your own website / server with PHP 4 or newer, MySQL 3.23 or later and the execution of CronJobs required. Once installed, the online newsletter software Super webmail can be served directly in the browser. The PHP Newsletter Tool Super webmail can therefore be used platform-independent all operating systems such as Windows, Linux, Apple Macintosh, with Internet access worldwide. The PHP Newsletter Script allows you to manage your newsletter recipients including registration and deregistration from the newsletter mailing list by double-opt In, Double Opt-Out and automatic bounce management. Send online your personalized newsletter / e-mails in HTML and Text format with embedded images and attachments immediately in the browser or by CronJob script in the background immediately or at a later. With the integrated tracking function to monitor the success of the newsletter mailing, if thereby the openings of the newsletter and clicks on links in the newsletter graphically evaluated and presented. Put the integrated autoresponder to autorun absence messages or the receipt of e-mails to confirm.”


“It is now included CKEditor 4.4.7. An upgrade to the latest version is recommended as an in CKEditor 4.4.5 Vulnerability found. Super webmail from immediately contains new chart component for the statistics that do not need a flash and are therefore also represented on Apple devices. For the Newsletter tracking statistics is now an easy print version of the charts available that can be printed or saved with PDF printer driver installed in a PDF file. When viewing the e-mails in the mailing lists of the sender of the email is displayed in a column that sent the e-mail to the mailing list. For form creation for the newsletter subscription / cancellation are now available variant”






(2) Vulnerability Details:

SuperWebMailer web application has a computer security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. 



Several other related products 0-day vulnerabilities have been found by some other bug hunter researchers before. SuperWebMailer has patched some of them. FusionVM Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to web application vulnerabilities.


(2.1) The programming code flaw occurs at “&HTMLForm” parameter in “defaultnewsletter.php?” page.










Related Work:

http://seclists.org/fulldisclosure/2015/Mar/55

http://www.securityfocus.com/bid/73063

http://lists.openwall.net/full-disclosure/2015/03/07/3

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1819

http://packetstormsecurity.com/files/131288/ECE-Projects-Cross-Site-Scripting.html

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551542201539&w=2

https://cxsecurity.com/issue/WLB-2015030043

http://aibiyi.lofter.com/post/1cc9f4e9_6edf9bf

http://tetraph.tumblr.com/post/118764414962/canghaixiao-cve-2015-2349-superwebmailer

http://canghaixiao.tumblr.com/post/118764381217/cve-2015-2349-superwebmailer-5-50-0-01160-xss

http://essaybeans.lofter.com/post/1cc77d20_6edf28c

https://www.facebook.com/essaybeans/posts/561250300683107

https://twitter.com/essayjeans/status/598021595974602752

https://www.facebook.com/pcwebsecurities/posts/687478118064775

http://tetraph.blog.163.com/blog/static/234603051201541231655569/

https://plus.google.com/112682696109623633489/posts/djqcrDw5dQp

http://essayjeans.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html

https://mathfas.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

https://vulnerabilitypost.wordpress.com/2015/05/12/cve-2015-2349-superwebmailer-5-50-0-01160-xss/

http://aibiyi.blogspot.com/2015/05/cve-2015-2349-superwebmailer-550001160.html






CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

maxresdefault
Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2015/02/cve-2014-9560-softbbnet-softbb-sql.html

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

it_photo_110980

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/xss-vulnerability/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

examine_binary-300x215

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Open Redirect [CWE-601]

CVE Reference: CVE-2014-7294

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2015/02/cve-2014-7294-nyu-opensso-integration.html

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Computer Circuit Board

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://whitehatpost.blog.163.com/blog/static/24223205420151109249850

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

MIDI_188_computer_smart_phone_with_GPS_and_wifi_windows_mobile_6_1
 
 
Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6 
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
 

https://biyiniao.wordpress.com/2015/02/10/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

mobile phone on a computer keyboard

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9558
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

http://yurusi.blogspot.com/2015/02/cve-2014-9558-smartcms-multiple-sql.html

CVE-2014-9557 SMARTCMS MULTIPLE XSS (CROSS-SITE SCRIPTING) SECURITY VULNERABILITY

2248.Secure_Boot1_5AF59670

Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

https://itswift.wordpress.com/2015/02/11/cve-2014-9557-smartcms-multiple-xss-cross-site-scripting-security-vulnerability/

美国有线电视新闻网络 (CNN) 出现 XSS 及 Open Redirect 安全漏洞

美国有线电视新闻网络 (CNN) 出现 XSS 及 Open Redirect 安全漏洞

CNN (美 国有线电视新闻网络) 出现一个安全漏洞,可被XSS及Open Redirect攻击利用。受到攻击之后,CNN采取措施检测Open Redirect 漏洞。这一措施在测试阶段表现良好。CNN的网站几乎不存在易受Open Redirect攻击的链接。但网站上仍有一个Open Redirect漏洞 未被修复。CNN.com曾于2013年受到Open Redirect的攻击,于2007年受到XSS攻击。该漏洞由南洋理工大学数学系安全研究人员王 晶 (Wang Jing) 发现并报告。

web-loco-formazione

该 漏洞可在没有用户登录凭证的情况下被利用。作者称XSS漏洞在Ubuntu (14.04) 的Firefox (34.0) 以及Windows 7的 IE (9.0.15) 上进行了测试。Open Redirect漏洞在Windows 8的Chrome 32以及Mac OS X v10.7的 Safari 6.16上进行了测试。POC网址为https://www.youtube.com/watch?v=Cu47XiDV38M& feature=youtu.be;以及https://www.youtube.com/watch?v=FE8lhDvKGN0& feature=youtu.be

http://securityrelated.blogspot.com/2014/12/cnn-cnncom-travel-xss-and-ads-open.html

OAuthとOpenIDに深刻な脆弱性か–Facebookなど大手サイトに影響も

OAuthとOpenIDに深刻な脆弱性か–Facebookなど大手サイトに影響も

 

 

OpenSSLの脆弱性「Heartbleed」に続き、人気のオープンソースセキュリティソフトウェアでまた1つ大きな脆弱性が見つかった。今回、脆弱性が見つかったのはログインツールの「OAuth」と「OpenID」で、これらのツールは多数のウェブサイトと、Google、Facebook、Microsoft、LinkedInといったテクノロジ大手に使われている。

 

 

 

computers_geek_nerd_binary_com_2560x1600_wallpaperfo.com

 

 

シンガポールにあるNanyang Technological University(南洋理工大学)で学ぶ博士課程の学生Wang Jing氏は、「Covert Redirect」という深刻な脆弱性によって、影響を受けるサイトのドメイン上でログイン用ポップアップ画面を偽装できることを発見した。Covert Redirectは、既知のエクスプロイトパラメータに基づいている。

 

 

たとえば、悪意あるフィッシングリンクをクリックすると、Facebook内でポップアップウィンドウが開き、アプリを許可するよう求められる。 Covert Redirect脆弱性の場合、本物に似た偽ドメイン名を使ってユーザーをだますのではなく、本物のサイトアドレスを使って許可を求める。

 

 

http://www.asahi.com/tech_science/cnet/CCNET35047497.html