dasBlog Input Validation Hole in Event and Activity Viewer Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1011134
SecurityTracker URL: http://securitytracker.com/id/1011134
Date: Sep 1 2004
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes   Vendor Confirmed: Yes   Exploit Included: Yes
An input validation vulnerability was reported in dasBlog. A remote user can conduct cross-site scripting attacks.
Dominick Baier reported that the Event and Activity Viewer does not properly filter HTML code from the log files before displaying the content. A remote user can send a specially crafted HTTP request to the target server with scripting code in the URL, the Referer header, or the User-Agent header. Then, when a target user views the request information with the Event and Activity Viewer, the injected scripting code will be executed by the target user's browser. The code will originate from the site running the dasBlog software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The vendor was notified on August 15, 2004.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the dasBlog software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A fix is available at:
Vendor URL: www.dasblog.net/documentation/
Cause: Input validation error
Underlying OS: Windows (Any)
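As an added illustration of the flaw described above (example code, not from the advisory or from dasBlog itself): the same logged request fields rendered first with the flawed pattern of concatenating header values straight into the viewer's HTML, then with HTML encoding applied at display time, plus a small check over stored log entries that flags header values carrying HTML metacharacters. The sample requests are constructed; Python's html.escape stands in for the role ASP.NET's HttpUtility.HtmlEncode would play in the real application.

```python
import html
import re

# Constructed sample of the per-request data a log viewer such as dasBlog's
# Event and Activity Viewer displays. Every field is client-controlled: the
# request line, the Referer header and the User-Agent header are all chosen
# by whoever sends the request, so they are untrusted input at display time.
SAMPLE_REQUESTS = [
    {"url": "/default.aspx", "referer": "http://example.org/links.html",
     "user_agent": "Mozilla/4.0 (compatible; MSIE 6.0)"},
    # Constructed injection attempt of the kind the advisory describes.
    {"url": "/default.aspx?x=1", "referer": "<script>/*constructed*/</script>",
     "user_agent": 'Mozilla/5.0 "<constructed>"'},
]

FIELDS = ("url", "referer", "user_agent")


def render_row_vulnerable(entry):
    """The flawed pattern: logged header values concatenated into HTML as-is."""
    return "<tr>" + "".join(f"<td>{entry[f]}</td>" for f in FIELDS) + "</tr>"


def render_row_fixed(entry):
    """Encode every value for an HTML context before display. quote=True also
    escapes quotes, so a value cannot break out of an attribute either."""
    cells = "".join(f"<td>{html.escape(entry[f], quote=True)}</td>" for f in FIELDS)
    return "<tr>" + cells + "</tr>"


# Characters that have no place in a URL, Referer or User-Agent value and
# signal an attempt to smuggle markup into whatever renders the log.
MARKUP_CHARS = re.compile(r'[<>"\']')


def flag_markup_in_log(entries):
    """Return (index, field) pairs whose value carries HTML metacharacters.
    Usable as a detection over stored request logs even after the viewer is
    patched, since the attempts themselves are worth seeing."""
    return [(i, f) for i, e in enumerate(entries) for f in FIELDS
            if MARKUP_CHARS.search(e[f])]


if __name__ == "__main__":
    for e in SAMPLE_REQUESTS:
        print(render_row_fixed(e))
    print(flag_markup_in_log(SAMPLE_REQUESTS))
```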
Source Message Contents
Subject: [Full-Disclosure] Cross-Site Scripting Vulnerability in Newtelligence DasBlog
ERNW Security Advisory
Cross-Site Scripting Vulnerability in Newtelligence DasBlog
Dominick Baier <email@example.com>
An XSS (Cross-Site-Scripting) Vulnerability in DasBlog's Event and Activity
Viewer allows injecting and executing code on the client's machine. This
allows an attacker to transfer the ASP.NET authentication cookie to a server
of his choice. The attacker can use this cookie to log on to DasBlog and
modify blog entries and configuration settings.
2. Severity: Critical
3. Systems affected
Tested with IE 6 and Firefox 0.93
4. Patch Availability:
The Activity and Events Viewer show details about requests that were made to
the blog site. As extra information they show the Referrers, Query Strings
and User Agents of these requests. It is possible to specially malform those
HTTP Headers to inject scripting code. This code gets embedded in the HTML
attacker can transfer the ASP.NET Forms Authentication Cookie to a server of
his choice. By injecting this cookie into an HTTP request to DasBlog he
can authenticate without having to know the username or the password and
enter the administrative area.
Examples of script injections
Leading e.g. to the following HTTP request
GET / HTTP/1.1
Install the patch.
The vulnerability was found on the 15th August 2004. The author was
contacted on the same day with an immediate response. The patch has been
provided on 30 August 2004.
The information in this advisory is provided "AS IS" without warranty
of any kind. In no event shall the authors be liable for any damages
whatsoever including direct, indirect, incidental, consequential,
loss of business profits or special damages due to the misuse of any
information provided in this advisory.
Dominick Baier, Dipl. Ing. Informationstechnik (BA)
.NET Architecture / Security Consultant
Tel. +49 151 16 22 75 56 / Fax. +49 6221 419 008
firstname.lastname@example.org / www.ernw.de
7AE0 B3D2 7FFC 7763 E32A 07C2 8B0D F988 DC8D BFB1