NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://ift.tt/1hf8205 Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 07/21/2015 Disclosed to public: 09/01/2015 Release mode: Full Disclosure CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description NibbleBlog 4.0.3 does not have CSRF protection. This means that an attacker can perform actions for an admin if the admin is logged in and visits an attacker controlled website. In the case of NibbleBlog, this can for example lead to persistent XSS via the creation of a new post, which in turn allows for phishing attacks or the injection of JavaScript keyloggers. 3. Proof of Concept Create new Post (for Spam and XSS):
4. Solution This issue was not fixed by the vendor. 5. Report Timeline 07/21/2015 Informed Vendor about Issue 07/22/2015 Vendor Replied 08/18/2015 Reminded Vendor of release date (no reply) 09/01/2015 Disclosed to public 6. Blog Reference http://ift.tt/1VxZoNX
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment