BugTraq
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 Jan 12 2015 02:10PM
RedTeam Pentesting GmbH (release redteam-pentesting de)
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to
version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by
specifying the target URL in the URL parameter board_url in URLs like the
following:

http://www.example.com/mobiquo/smartbanner/welcome.php?board_url=https:/
/www.redteam-pentesting.de

CVE-2014-8870 was assigned to this issue.

--
RedTeam Pentesting GmbH Tel.: +49 241 510081-0
Dennewartstr. 25-27 Fax : +49 241 510081-99
52068 Aachen https://www.redteam-pentesting.de
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCgAGBQJUs9XAAAoJENG/HXWsgFSurUQH/2kjQInkGeYiZMY6Sn5SDiHc
yOAIcyab6lxeEsRG06idSg/PQDTbV7OKx1ZYsWdBcC14H0AMLW0uigEs4nvL/Jnt
iXuOqEVw/pmWtp+pl7VWpO+7ZP2ffpapH6ckIf4brGerG0sxAl+Pfu3ANKudLgXe
PspYWg4J9NtOEKVN8rjjUHZ3dBHky1J3aSjeIDePMu1/Mrxwzg0tMiJbJDo3lDy7
sZepKPg5L/QL/4U6uPQEE0VBbP6g/bbJ7tYorlCLnMf2GLTY4pyiWyhFW8v7CAbm
A3WW2vZhF5wqvH7IJ/dl1654FiO9sPF+sutX6bd3iXRCi3hUpNxqVbY9DCRj4xU=
=h9NN
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus