
HTML/Script Code Injection Vulnerability

Published: June 11, 2008

Version: 1.0

Maximum Severity Rating: Low

Background

To support URL Rewriting, DotNetNuke determines the current path of the page and echoes it to the form action attribute to ensure that any actions post to the correct page.

Issue Summary

It was possible to bypass the existing URL filtering code by using invalid URLs. Such URLs could then be used to inject HTML/script, which could allow an attacker to perform cross-site scripting attacks.
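The Background and Issue Summary above describe the pattern that is at risk here: a request path is echoed into the form action attribute, and a blacklist filter on the URL is the only thing standing between the request and the HTML. The following is an added, stand-alone Python illustration of the defensive approach (canonicalise the path against a whitelist, then HTML-attribute-encode the result); it is not DotNetNuke's code and is not ASP.NET, and the whitelist pattern, the `DEFAULT_PAGE` fallback and all function names are assumptions made for the example. It shows a naive blacklist filter beside the hardened version so the difference can be checked on a constructed request URL.

```python
"""Echoing the current request path into <form action="..."> safely.

Added example (not DotNetNuke's code). Assumptions: SAFE_PATH is a constructed
whitelist for page paths, DEFAULT_PAGE is an assumed fallback page.
"""
import re
from html import escape
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed whitelist (assumption): '/' followed by segments made only of
# letters, digits, '.', '_', '~' and '-'. Anything else is treated as invalid.
SAFE_PATH = re.compile(r"^/(?:[A-Za-z0-9._~-]+/)*[A-Za-z0-9._~-]*$")
DEFAULT_PAGE = "/Default.aspx"  # assumed fallback when the path is rejected


def naive_form_action(raw_url: str) -> str:
    """The weak pattern: strip a couple of known substrings, then echo the
    rest verbatim into the attribute. Any character the blacklist does not
    know about goes straight into the HTML."""
    cleaned = raw_url.replace("<script", "").replace("</script", "")
    return f'<form action="{cleaned}" method="post">'


def canonical_action(raw_url: str) -> str:
    """Validate the path against the whitelist (fall back to DEFAULT_PAGE on
    anything unexpected) and re-encode the query so that only %xx-escaped
    bytes remain. This removes the 'invalid URL' problem at its source."""
    parts = urlsplit(raw_url)
    path = parts.path if SAFE_PATH.match(parts.path) else DEFAULT_PAGE
    query = urlencode(parse_qsl(parts.query, keep_blank_values=True))
    return f"{path}?{query}" if query else path


def safe_form_action(raw_url: str) -> str:
    """Canonicalise, then HTML-attribute-encode before emitting. The encoding
    step keeps the output safe even if the validation above is imperfect."""
    action = escape(canonical_action(raw_url), quote=True)
    return f'<form action="{action}" method="post">'


def attribute_is_intact(tag: str) -> bool:
    """Defensive check used in tests: the emitted tag must have exactly one
    action attribute, properly closed, with no raw quote or angle bracket
    inside it."""
    return re.fullmatch(r'<form action="([^"<>]*)" method="post">', tag) is not None


if __name__ == "__main__":
    # Constructed request URLs: one ordinary, one carrying a stray quote.
    for url in ('/Default.aspx?tabid=1', '/Default.aspx"x'):
        print("naive :", naive_form_action(url), attribute_is_intact(naive_form_action(url)))
        print("safe  :", safe_form_action(url), attribute_is_intact(safe_form_action(url)))
```

The constructed path with a stray `"` is enough to show the problem: the naive version emits a second, unintended attribute boundary, while the hardened version falls back to the default page and keeps the attribute closed. A real fix would sit in the framework's page rendering, but the two steps (reject what is not a valid page path, then encode what is emitted) are the same in any language.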

Mitigating factors

To protect against attacks that attempt to use invalid URLs, users can install the free Microsoft URLScan utility (http://www.microsoft.com/technet/security/tools/urlscan.mspx). This is a recommended install, as it offers protection against a number of other URL-based issues that are not specific to DotNetNuke.

Affected DotNetNuke versions

All

Non-Affected Versions:

N/A

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.8.4 at the time of writing).

Acknowledgments

AmnPardaz Security Research & Penetration Testing Group

Security Policy

More details are available in the DotNetNuke Security Policy.




DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation