This host is installed with Newtelligence dasBlog and is prone to open redirect vulnerability.

Successful exploitation will allow remote attackers to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Impact Level: Application

No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://dasblog.codeplex.com/

The error exists as the application does not validate the 'url' parameter upon submission to the ct.ashx script.

Newtelligence dasBlog versions 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820).

Send a crafted HTTP GET request and check whether it redirects to the malicious websites.

• http://osvdb.com/113580
• http://packetstormsecurity.com/files/128749
• http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability/
• http://xforce.iss.net/xforce/xfdb/97667

---

Updated on 2015-03-25