VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug

VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug

 

Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability

Product: VuFind

Vendor: VuFind

Vulnerable Versions: 1.0

Tested Version: 1.0

Advisory Publication: September 20, 2015

Latest Update: September 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

mnpals_net_vufind_xss2

 

vufind_cmu_xss1




Caution Details:

 

(1) Vendor & Product Description:



Vendor:

VuFind

 

Product & Vulnerable Versions:

VuFind

1.0

 

Vendor URL & Download:

Product can be obtained from here,
http://sourceforge.net/p/vufind/news/

 

Product Introduction Overview:

“VuFind is a library resource portal designed and developed for libraries by libraries. The goal of VuFind is to enable your users to search and browse through all of your library’s resources by replacing the traditional OPAC to include: Catalog Records, Locally Cached Journals, Digital Library Items, Institutional Repository, Institutional Bibliography, Other Library Collections and Resources. VuFind is completely modular so you can implement just the basic system, or all of the components. And since it’s open source, you can modify the modules to best fit your need or you can add new modules to extend your resource offerings. VuFind runs on Solr Energy. Apache Solr, an open source search engine, offers amazing performance and scalability to allow for VuFind to respond to search queries in milliseconds time. It has the ability to be distributed if you need to spread the load of the catalog over many servers or in a server farm environment. VuFind is offered for free through the GPL open source license. This means that you can use the software for free. You can modify the software and share your successes with the community! Take a look at our VuFind Installations Wiki page to see how a variety of organizations have taken advantage of VuFind’s flexibility. If you are already using VuFind, feel free to edit the page and share your accomplishments. “

 

 

 

(2) Vulnerability Details:

VuFind web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug researchers before. VuFind has patched some of them. “scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training”.

 

(2.1) The code flaw occurs at “lookfor?” parameter in “/vufind/Resource/Results?” page.

 

Some other researcher has reported a similar vulnerability here and VuFind has patched it.
https://vufind.org/jira/si/jira.issueviews:issue-html/VUFIND-54/VUFIND-54.html

 

 

 

(3) Solution:

Update to new version.

 

 

 

 

References:
http://tetraph.com/security/xss-vulnerability/vufind-xss/
http://russiapost.blogspot.ru/2015/09/vufind-xss-issue.html
https://infoswift.wordpress.com/2015/09/25/vufind-issue/
http://www.openwall.com/lists/oss-security/2015/09/25/2
http://whitehatview.tumblr.com/post/129834589981/vufind-xss-bugs
http://itsecurity.lofter.com/post/1cfbf9e7_854cb25
https://progressive-comp.com/?l=oss-security&m=144316469829656&w=1
http://essayjeans.blog.163.com/blog/static/23717307420158253407863/
http://seclists.org/oss-sec/2015/q3/639
http://frenchairing.blogspot.fr/2015/09/vufind-bug.html
https://itswift.wordpress.com/2015/09/22/vufind-0day/
http://permalink.gmane.org/gmane.comp.security.oss.general/17836

 

 

Advertisements
Posted in Web Application, XSS Vulnerability | Tagged , , , | Leave a comment

浮生半日 烟火红尘 一念清净 烈焰成池

BeautifulNature3-610x320_diebiyi

 

“半生漂泊,每一次雨打归舟”,浮生半日,烟火红尘,也说饮鸩不止渴,然终是一杯清茶洗过尘心,弦拨心上,山岚依如茶杯上的云烟。谁是谁别了三生三世的影,两吊钱赎回的旧梦遗风,谁还醉唱挽歌浅斟一盏薄情,清酒一壶就醉生梦死了时光。
 
苦雪烹茶安然度过世界末日,许多人和事都重生了,我想我也会忘了那只乌鸦在末日的方舟上几番徘徊,飞过无痕,狮子却说爱我就让全世界都知道。爱是一场荨麻 疹,容我再洗净铅华,待千帆过尽。这一别两宽心,各生新欢喜。太阳升起的时候,举目四方宿命繁星。如陈亦迅唱那首苦瓜:当你干杯再举箸,突然间相看莞尔, 某萧瑟晚秋深夜,忽而明了了,而黄叶便碎落。
 
时间很短,天涯很远。自当终有弱水替三千。今宵请你多珍重,方配这半世流离醉笑三千场离散河两岸,江湖相忘。这杯烈酒下肚,碎一地离殇亦无需你刻意唱一曲骊歌摆渡,烟草的味道,风会把它稀释掉。
 
麦田几次成熟容我焚香安静的难过,心怀感恩,祈福。
 
诗经里说:一月气聚,二月水谷,三月驼云,四月裂帛,五月袷衣,六月莲灿,七月兰浆,八月诗禅,九月浮槎,十月女泽,十一月乘衣归,十二月风雪客。微雨突袭的三月桃花春柳拂面的桥头,可有良人云里衣衫?四月裂帛裂了思,陌上花谢了,可徐徐归么?
 
孰说世间所有的相遇都是久别重逢,亦记得某年某月某日小北说:我可以留着你,也可以放任自由。
 
 
 

期:浮世流光,惜物恋人。一念清净,烈焰成池。
 
寸寸云文不成文,如果是伤了春悲了秋,写一路醉,哭一路歌,扯断心神,终亦忘却寒山。诗人,你如山的行囊里数
 
不尽的人间烟柳可载得起这坛醉生梦死?
 
烟水悠悠,淡酒一盏,十二月风雪客,同年同月同日刮着同个方向同样度数的风,都已不是当时。我想我是在待着一位故人,他还没有来,也许在来的路途上,我且沏好了茶,待着,如此 就好。

 
 
 

转载自蝶比翼美文:
http://diebiyi.com/articles/essay/shishi/

Posted in Articles, Life | Tagged , , , , , , , , | Leave a comment

Youth – Time of Beautiful Emotion

marguerite-729510_640_inzeed

 

Youth is not a time of life; it is a state of mind; it is not a matter of rosy cheeks, red lips and supple knees; it is a matter of the will, a quality of the imagination, a vigor of the emotions; it is the freshness of the deep springs of life.

 

Youth means a temperamental predominance of courage over timidity, of the appetite for adventure over the love of ease. This often exists in a man of 60 more than a boy of 20. Nobody grows old merely by a number of years. We grow old by deserting our ideals.

 

Years may wrinkle the skin, but to give up enthusiasm wrinkles the soul. Worry, fear, self-distrust bows the heart and turns the spirit back to dust.

 

Whether 60 or 16, there is in every human being’s heart the lure of wonders, the unfailing appetite for what’s next and the joy of the game of living. In the center of your heart and my heart, there is a wireless station; so long as it receives messages of beauty, hope, courage and power from man and from the infinite, so long as you are young.

 

When your aerials are down, and your spirit is covered with snows of cynicism and the ice of pessimism, then you’ve grown old, even at 20; but as long as your aerials are up, to catch waves of optimism, there’s hope you may die young at 80.

 

 

From:
http://www.inzeed.com/kaleidoscope/life/youth/

Posted in Articles, Life | Tagged , , | Leave a comment

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

 

 

Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web Security Vulnerability

Product: Winmail Server

Vendor: Winmail Server

Vulnerable Versions: 4.2 4.1

Tested Version: 4.2 4.1

Advisory Publication: August 24, 2015

Latest Update: August 30, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

winmail_page1

 

winmail_xss

 

 

Caution Details:

 



(1) Vendor & Product Description:

Vendor:

Winmail Server

 

Product & Vulnerable Versions:

Winmail Server

4.2 4.1

 

Vendor URL & Download:

Product can be obtained from here,
http://www.magicwinmail.net/download.asp

 


Product Introduction Overview:

“Winmail Server is an enterprise class mail server software system offering a robust feature set, including extensive security measures. Winmail Server supports SMTP, POP3, IMAP, Webmail, LDAP, multiple domains, SMTP authentication, spam protection, anti-virus protection, SSL security, Network Storage, remote access, Web-based administration, and a wide array of standard email options such as filtering, signatures, real-time monitoring, archiving, and public email folders. Winmail Server can be configured as a mail server or gateway for ISDN, ADSL, FTTB and cable modem networks, beyond standard LAN and Internet mail server configurations.”

 

 

 


(2) Vulnerability Details:

Winmail Server web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Winmail Server has patched some of them. “scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic information security and continuously further their expertise through advanced training”. Scip has recorded similar XSS bugs, such as scipID 26980.

 

(2.1) The code flaw occurs at “&lid” parameter in “badlogin.php” page. In fact, CVE-2005-3692 mentions that “&retid” parameter in “badlogin.php” page is vulnerable to XSS attacks. But it does not mention “&lid” parameter”. The scipID of the bug is 26980. Bugtraq (SecurityFocus) ID is 15493. OSVDB ID is 20926.

 

 

 

 

 

Posted in Web Application, XSS Vulnerability | Tagged , , , , | Leave a comment

KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

 

Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected XSS Web Security Vulnerability

Product: Knowledge Tree Document Management System

Vendor: Knowledge Inc

Vulnerable Versions: OSS 3.0.3b

Tested Version: OSS 3.0.3b

Advisory Publication: August 22, 2015

Latest Update: August 31, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference:

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

knowledge_tree_page

 

 

knowledge tree_xss

 

 

 

 

Caution Details:

 

(1) Vendor & Product Description:

Vendor:

KnowledgeTree

 

Product & Vulnerable Versions:

Knowledge Tree Document Management System

OSS 3.0.3b

 

Vendor URL & Download:

Product can be obtained from here,
http://download.cnet.com/KnowledgeTree-Document-Management-System/3000-10743_4-10632972.html
http://www.knowledgetree.com/

 

Product Introduction Overview:

“KnowledgeTree is open source document management software designed for business people to use and install. Seamlessly connect people, ideas, and processes to satisfy all your collaboration, compliance, and business process requirements. KnowledgeTree works with Microsoft® Office®, Microsoft® Windows® and Linux®.”

 

 

 

 

(2) Vulnerability Details:

KnowledgeTree web application has a computer security problem. Hackers can exploit it by reflected XSS cyber attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. KnowledgeTree has patched some of them. “Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.”. It has listed similar exploits, such as Bugtraq (Security Focus) 32920.

 

(2.1) The code flaw occurs at “&errorMessage” parameter in “login.php” page.

One similar bug is CVE-2008-5858. Its X-Force ID is 47529.

 

 

 

 

 

References:
http://seclists.org/oss-sec/2015/q3/458
http://tetraph.com/security/xss-vulnerability/knowledgetree-oss-3-0-3b-reflected-xss/
https://progressive-comp.com/?l=oss-security&m=144094021709472
https://infoswift.wordpress.com/2015/08/31/knowledge-tree-xss/
http://japanbroad.blogspot.jp/2015/08/knowledge-tree-bug-exploit.html
http://marc.info/?l=full-disclosure&m=144099659719456&w=4
http://tetraph.blog.163.com/blog/static/234603051201573144123156/
http://www.openwall.com/lists/oss-security/2015/08/30/2
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02446.html
http://itinfotech.tumblr.com/post/128016383831/knowledge-tree-xss
http://germancast.blogspot.com/2015/08/knowledge-tree-xss.html
http://permalink.gmane.org/gmane.comp.security.oss.general/17655
http://webtech.lofter.com/post/1cd3e0d3_806e1d4


 

Posted in 0Day, XSS Vulnerability | Tagged , , , , , | Leave a comment

关于山, 描写山的诗句 – 文中带山的经典古文

a-huge_hill-1514962

 

1.千山鸟飞绝,万径人踪灭。
(柳宗元:《江雪》)
2.白日依山尽,黄河入海流。
(王之涣:《登鹳雀楼》)
3.会当凌绝顶,一览众山小。
(杜甫:《望岳》)
4.国破山河在,城春草木深。
(杜甫:《春望》)
5.空山不见人,但闻人语响。
(王维:《鹿柴》)

 

6.明月出天山,苍茫云海间。
(李白:《关山月》)
7.相看两不厌,只有敬亭山。
(李白《独坐敬亭山》)
8.种豆南山下,草盛豆苗稀。
(陶渊明:《归园田居》)
9.西北望长安,可怜无数山。青山遮不住,毕竟东流去。
(辛弃疾:《菩萨蛮?书江西造口壁》)
10.不识庐山真面目,只缘身在此山中。
(苏轼:《题西林壁》)

 

11.山光悦鸟性,潭影空人心。
(常建:(题破山寺后禅院))
12.晚风拂柳笛声残,夕阳山外山。
(李叔同:《送别》)
13.无限山河泪,谁言天地宽。
(夏完淳:《别云间》)
14. 客路青山外,行舟绿水前。
( 王湾《次北故山下》)
15.飞来山上千寻塔,闻说鸡鸣见日升。
( 王安石《登飞来峰》)

 

16.山重水复疑无路,柳暗花明又一村。
(陆游:《游山西村》)
17.七八个星天外,两三点雨山前。
(辛弃疾〈西江月?夜行黄沙道中〉)
18.山回路转不见君,雪上空留马行处。
(岑参《白雪歌送武判官归京》)
19.两岸猿声啼不住,轻舟已过万重山。
(李白《早发白帝城》)
20.但使龙城飞将在,不教胡马度阴山。
(王昌龄《出塞》)

 

21.黄河远上白云间,一片孤城万仞山。
(王之涣《凉州词》)
22.采菊东篱下,悠然见南山。
(陶渊明:《饮酒》)
23.遥望洞庭山水色,白银盘里一青螺。
(刘禹锡:《望洞庭》)
24.青海长云暗雪山,孤城遥望玉门关。
(王昌龄《从军行》)
25.百川沸腾,山冢碎甭。高谷为岸,深谷为陵。
(《诗经》)

 

 

转载自 InZeed:
http://www.inzeed.com/kaleidoscope/essays/mountain/

Posted in Essay | Tagged , , , | Leave a comment

有关于海的诗句 – 海纳百川 有容乃大

sea-2

 

1,白日依山尽,黄河入海流。——王之涣《登鹳鹊楼》

2,百川东到海,何时复西归?——乐府《长歌行》

3,乘风破浪会有时,直挂云帆济沧海。——李白《行路难》

4,春江潮水连海平,海上明月共潮生。——张若虚《春江花月夜》

5,大漠孤烟直,长河落日圆。——王维《使至塞上》

 

6,东临碣石,以观沧海。水何澹澹,山岛竦峙。——曹操《观沧海》

7,浮天沧海远,去世法舟轻。——钱起《送僧归日本》

8,俯首无齐鲁,东瞻海似杯。——李梦阳《泰山》

9,海内存知己,天涯若比邻。——王勃《送杜少府之任蜀州》

10,海日生残夜,江春入旧年。——王湾《次北固山下》

 

11,海上升明月,天涯共此时。——张九龄《望月怀古》

12,海水无风时,波涛安悠悠。——白居易《题海图屏风》

13,瀚海阑干百丈冰,愁云惨淡万里凝。——岑参《白雪歌送武判官归京》

14,君不见黄河之水天上来,奔流到海不复回。——李白《将进酒》

15,君不见走马川行雪海边,平沙莽莽黄入天。——岑参《走马川行奉送封大夫出师西征》

 

16,口衔山石细,心望海波平。——韩愈《精卫填海》

17,楼观沧海日,门对浙江潮。——宋之问《灵隐寺 》

18,茫茫东海波连天,天边大月光团圆。——黄遵宪《八月十五日夜太平洋舟中望月作歌》

19,三万里河东入海,五千仞岳上摩天。——陆游《秋夜将晓出篱门迎凉有感》

20,山水绕城春作涨,江涛入海夜通潮。——陈子澜《恩波桥诗》

 

21,小舟从此逝,江海寄余生。——苏轼《临江仙》

22,一雨纵横亘二洲,浪淘天地入东流。却余人物淘难尽,又挟风雷作远游。——梁启超《太平洋遇雨》

23,月下飞天镜,云生结海楼。——李白《渡荆门送别》

24,曾经沧海难为水,除却巫山不是云。——元稹《离思》

25,煮海之民何所营,妇无蚕织夫无耕。衣食之源太寥落,牢盆煮就汝轮征。柳永《煮海歌》

 

转载自 Tetraph:
http://www.tetraph.com/blog/articles/sea/

 

Posted in Articles | Tagged , , , | Leave a comment