|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 (others not tested) http://owncloud.org References: TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt (used for updates) CVE-2012-2269 - XSS in ownCloud 3.0.0 CVE-2012-2270 - Open Redirect in ownCloud 3.0.0 Summary: "ownCloud gives you easy and universal access to all of your files. It also provides a platform to easily view, sync and share your contacts, calendars, bookmarks and files across all your devices. ownCloud 3 brings loads of new features and hundreds of fixes" Vulnerable Scripts: stored XSS: - /apps/contacts/ajax/addcard.php (any input field) - /apps/contacts/ajax/addproperty.php (parameter) - /apps/contacts/ajax/createaddressbook (name) reflected XSS: - /files/download.php (file) - /files/index.php (name, user, redirect_url) open redirect after login: - Login Page Examples: stored XSS: - add a new contact and enter <script>alert("Help Me")</script> in any field, save the contact - add a new date in calendar with name <script>alert("Help Me")</script>" reflected XSS (un-authenticated): - http://$domain/owncloud/index.php?redirect_url=1"><script>alert("Help Me")</script><l=" (must not be logged in) open redirect after login: - http://$domain/owncloud/index.php?redirect_url=http%3a//www.boeserangreife r.de/ Possible solutions: - update to OwnCloud 3.0.2 Disclosure Timeline: 2012/02/01 vendor contacted via #owncloud on freenode IRC, got E-Mail 2012/02/01 vendor contacted via E-Mail 2012/02/02 vendor response 2012/04/16 asked vendor for status updates 2012/04/16 vendor status: patched with version 3.0.2 2012/04/18 public disclosure Credits: Tobias Glemser (tglemser@xxxxxxxxxxxxxxxxxxx) Tele-Consulting security networking training GmbH, Germany www.tele-consulting.com Disclaimer: All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore Tele-Consulting shall not be liable for any direct or indirect damages that might be caused by using this information.
[Linux Security] [Netfilter] [Linux] [PHP] [Photography] [Yosemite Photos] [Yosemite News]