Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

opoint_1

 

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

 

Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities

Vendor: Opoint

Product: Opoint Media Intelligence

Vulnerable Versions:

Tested Version:

Advisory Publication: April 14, 2015

Latest Update: April 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discover and Writer: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

Suggestion Details:

 

(1) Vendor & Product Description:

Vendor:

Opoint

 

Product & Version:

Opoint Media Intelligence

 

Vendor URL & Download:

Opoint Media Intelligence can be got from here,

http://www.opoint.com/index.php?page=home

 

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal" model to better integrate the latest Web functionality. With Opoint Media Intelligence, libraries will be able to take advantage of the latest Web technologies and engage Web-savvy users more effectively than ever before. Opoint Media Intelligence is a complete update of the Web OPAC interface"

“Opoint Media Intelligence breaks through the functional and design limitations of the traditional online catalog. Its solid technology framework supports tools for patron access such as Spell Check; integrated Really Simple Syndication (RSS) feeds; a suite of products for seamless Campus Computing; and deep control over information content and presentation with Cascading Style Sheets (CSS). Opoint Media Intelligence is also a platform for participation when integrated with Innovative’s Patron Ratings features and Community Reviews product. What’s more, with Opoint Media Intelligence’s RightResult™ search technology, the most relevant materials display at the top so patrons get to the specific items or topics they want to explore immediately. Opoint Media Intelligence can also interconnect with Innovative’s discovery services platform, Encore. And for elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides catalog searching, item requesting, and more."

 

 

 

(2) Vulnerability Details:

Opoint Media Intelligence web application has a security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Other Opoint products 0day vulnerabilities have been found by some other bug hunter researchers before. Opoint has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags." It has published suggestions, advisories, solutions details related to Open Redirect vulnerabilities.

 

(2.1) The first code programming flaw occurs at “func/click.php?" page with “&noblink" parameter.

 

 

 

 

References:

http://tetraph.com/security/open-redirect/opoint-media-intelligence-unvalidated-redirects-and-forwards/

http://securityrelated.blogspot.com/2015/04/opoint-media-intelligence-unvalidated.html

http://www.inzeed.com/kaleidoscope/computer-web-security/opoint-media-intelligence-open-redirect/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/opoint-media-intelligence-open-redirect/

https://computerpitch.wordpress.com/2015/04/14/opoint-media-intelligence-open-redirect/

http://www.iedb.ir/author-Wang%20Jing.html

http://www.websecuritywatch.com/open-redirect-vulnerability-in-wordpress-newsletter-2-6-x-2-5-x/

http://lists.openwall.net/full-disclosure/2015/03/02/7

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1646

 

Leave a comment

你的電子郵件位址並不會被公開。 必要欄位標記為 *

你可以使用這些 HTML 標籤與屬性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>