Document Title:
===============
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability


References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1369


Release Date:
=============
2015-01-06


Vulnerability Laboratory ID (VL-ID):
====================================
1369


Common Vulnerability Scoring System:
====================================
3.7


Product & Service Introduction:
===============================
Usability that Empowers the Business. Empower your business users to get their job done independently and effectively. Powerful Drag & Drop Authoring, on-page editing and contextual guidance for self-servicing marketing teams. Complete Feature set to create content experiences, run campaigns and deliver results. Rated #1 in Ease of Use in the Gleanster 2014 WCM Benchmarks. Personalization, content targeting, persona profiling and segmentation that your team can immediately start using. Integrated Digital Experience Cloud that includes Customer Journey Analysis, Predictive and Prescriptive Analytics for optimizing every customer experience. Built-in ecommerce, email marketing, landing page management and cross-channel delivery tools.

(Copy of the Vendor Homepage: http://www.sitefinity.com/product/overview )


Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered an application-side input validation vulnerability in the official Telerik Sitefinity v7.2.53 Enterprise Edition CMS.

Vulnerability Disclosure Timeline:
==================================
2015-01-06: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=================
Published


Affected Product(s):
====================
Telerik
Product: Sitefinity Enterprise Edition - Content Management System 7.2.53


Exploitation Technique:
=======================
Remote


Severity Level:
===============
Medium


Technical Details & Description:
================================
An application-side validation vulnerability has been discovered in the official Telerik Sitefinity v7.2.53 Enterprise Edition CMS. The vulnerability allows an attacker to inject their own script code as a payload into the application-side of the vulnerable service function or module.

The vulnerability is located in the `sfItemTitle` and `sf_binderCommand_viewItemsByParent` values of the vulnerable `User Files > Properties` module. Attackers are able to send specially crafted PUT requests with a manipulated `sfItemTitle` value to the service application to compromise the `./user-files` module. The injected script code executes in the user-files listing module, where the manipulated name context field is rendered. The attack vector is persistent on the application-side and the request method to inject is PUT.

The security risk of the application-side web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.7. Exploitation of the application-side web vulnerability requires a privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerability results in persistent phishing mails, session hijacking, persistent external redirect to malicious sources and application-side manipulation of affected or connected module context.

Request Method(s):
	[+] PUT

Vulnerable Module(s):
	[+] Settings & Configuration > User Files > Properties

Vulnerable Parameter(s):
	[+] sfItemTitle
	[+] sf_binderCommand_viewItemsByParent

Affected Module(s):
	[+] User File listing & Upload Files (./Administration/User-files)


Proof of Concept (PoC):
=======================
The persistent input validation web vulnerability can be exploited by remote attackers and local privileged application user accounts with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Input: Settings & Configuration > User Files
http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Administration/User-files#event=showWindow&winId=ctl04_userFilesBackendList_ctl00_ctl00_itemsGrid_ctl00_ctl00_edit&autoMax=false

Execution: User File listing & Upload Files
http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Administration/User-files
http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Administration/User-files#event=showWindow&winId=ctl04_userFilesBackendList_ctl00_ctl00_itemsGrid_ctl00_ctl00_upload&autoMax=false

PoC: ./User-files

"><[PERSISTENT SCRIPT CODE EXECUTION!];)" <="" "="">

"><[PERSISTENT SCRIPT CODE EXECUTION!]") <

0 items
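
The following is an added example, not part of the original advisory and not Sitefinity code. It shows the class of fix for the issue described above: encoding the stored title when the listing is rendered, validating it on the PUT request, and auditing records that were stored before the fix. Only `sfItemTitle` and `sf_binderCommand_viewItemsByParent` come from the advisory; the markup, function names, the 255-character limit and the sample records are assumptions.

```javascript
// Added example (hypothetical markup and names; see lead-in for assumptions).
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can close an attribute value or open a tag.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Before: the stored title is concatenated into the listing markup as-is,
// so a title containing "> leaves the attribute it was meant to stay inside.
function renderRowUnsafe(item) {
  return '<a class="sf_binderCommand_viewItemsByParent" title="' + item.sfItemTitle +
    '">' + item.sfItemTitle + '</a>';
}

// After: the title is encoded at output time, for attribute and text context.
function renderRowSafe(item) {
  const title = encodeHtml(item.sfItemTitle);
  return '<a class="sf_binderCommand_viewItemsByParent" title="' + title + '">' +
    title + '</a>';
}

// Server-side check for the PUT handler: refuse markup metacharacters and
// control characters instead of storing them (length limit is an assumption).
function validateTitle(title) {
  if (typeof title !== 'string' || title.length === 0 || title.length > 255) return false;
  return !/[<>"\u0000-\u001f]/.test(title);
}

// Stored values survive a code fix, so existing records need an audit too.
function findSuspectTitles(items) {
  return items.filter((it) => !validateTitle(it.sfItemTitle)).map((it) => it.id);
}

// Constructed sample records; the second title is the advisory's own placeholder.
const SAMPLE_ITEMS = [
  { id: 1, sfItemTitle: 'quarterly-report.pdf' },
  { id: 2, sfItemTitle: '"><[PERSISTENT SCRIPT CODE EXECUTION!]' },
];

for (const item of SAMPLE_ITEMS) {
  console.log('unsafe:', renderRowUnsafe(item));
  console.log('safe:  ', renderRowSafe(item));
}
console.log('suspect ids:', findSuspectTitles(SAMPLE_ITEMS));
```

Output encoding is the control that closes the listing issue; the validation and audit functions limit what is stored and locate titles already persisted.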