Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTobias GlemserPACKETSTORM:111956
HistoryApr 18, 2012 - 12:00 a.m.

ownCloud 3.0.0 Cross Site Scripting

2012-04-1800:00:00
Tobias Glemser
packetstormsecurity.com
33

0.017 Low

EPSS

Percentile

87.7%

JSON
`TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0  
  
Published: 2012/04/18  
Version 1.0  
  
Affected products:  
ownCloud version 3.0.0 (others not tested)  
http://owncloud.org  
  
References:   
TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt  
(used for updates)  
CVE-2012-2269 - XSS in ownCloud 3.0.0  
CVE-2012-2270 - Open Redirect in ownCloud 3.0.0  
  
Summary:  
"ownCloud gives you easy and universal access to all of your files.  
It also provides a platform to easily view, sync and share your   
contacts, calendars, bookmarks and files across all your devices.  
ownCloud 3 brings loads of new features and hundreds of fixes"  
  
Vulnerable Scripts:  
stored XSS:  
- /apps/contacts/ajax/addcard.php (any input field)  
- /apps/contacts/ajax/addproperty.php (parameter)  
- /apps/contacts/ajax/createaddressbook (name)  
  
reflected XSS:  
- /files/download.php (file)  
- /files/index.php (name, user, redirect_url)  
  
open redirect after login:  
- Login Page  
  
Examples:  
stored XSS:  
- add a new contact and enter <script>alert("Help Me")</script> in  
any field, save the contact  
- add a new date in calendar with name <script>alert("Help  
Me")</script>"  
  
reflected XSS (un-authenticated):  
-  
http://$domain/owncloud/index.php?redirect_url=1"><script>alert("Help  
Me")</script><l=" (must not be logged in)  
  
open redirect after login:  
-  
http://$domain/owncloud/index.php?redirect_url=http%3a//www.boeserangreife  
r.de/  
  
Possible solutions:  
- update to OwnCloud 3.0.2  
  
Disclosure Timeline:  
2012/02/01 vendor contacted via #owncloud on freenode IRC, got E-Mail  
2012/02/01 vendor contacted via E-Mail  
2012/02/02 vendor response   
2012/04/16 asked vendor for status updates  
2012/04/16 vendor status: patched with version 3.0.2  
2012/04/18 public disclosure  
  
Credits:  
Tobias Glemser ([email protected])  
Tele-Consulting security networking training GmbH, Germany  
www.tele-consulting.com  
  
Disclaimer:  
All information is provided without warranty. The intent is to   
provide information to secure infrastructure and/or systems, not  
to be able to attack or damage. Therefore Tele-Consulting shall   
not be liable for any direct or indirect damages that might be   
caused by using this information.  
`

Related

securityvulns 2
openvas 1
nvd 3
prion 3
cvelist 3
cve 3
ubuntucve 3
securityvulns
securityvulns
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
2012-04-23 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-04-23 00:00:00
openvas
openvas
ownCloud <= 3.0.0 Multiple Input Validation Vulnerabilities - Active Check
2012-04-19 00:00:00
nvd
nvd
CVE-2012-2269
2012-04-20 10:55:01
CVE-2012-2270
2012-04-20 10:55:01
CVE-2012-2398
2012-04-20 10:55:01
prion
prion
Open redirect
2012-04-20 10:55:00
Cross site scripting
2012-04-20 10:55:00
Cross site scripting
2012-04-20 10:55:00
cvelist
cvelist
CVE-2012-2270
2012-04-20 10:00:00
CVE-2012-2269
2012-04-20 10:00:00
CVE-2012-2398
2012-04-20 10:00:00
cve
cve
CVE-2012-2270
2012-04-20 10:55:01
CVE-2012-2269
2012-04-20 10:55:01
CVE-2012-2398
2012-04-20 10:55:01
ubuntucve
ubuntucve
CVE-2012-2270
2012-04-20 00:00:00
CVE-2012-2269
2012-04-20 00:00:00
CVE-2012-2398
2012-04-20 00:00:00

0.017 Low

EPSS

Percentile

87.7%

JSON
Related for PACKETSTORM:111956
securityvulns2openvas1nvd3prion3cvelist3cve3ubuntucve3