WebsitePanel CMS versions prior to 1.2.2.1 suffer from an open redirection vulnerability.
f3d18a3cdffa39c307617de82222186276ef53444e6663c5f876e672f7f6a760=======================================================================
WebsitePanel CMS - Open Redirect
=======================================================================
Affected Application : WebsitePanel
Severity : Very Low
Local/Remote : Remote
Vulnerable url : https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
Affected Version : < 1.2.2.1
Discovered by : Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]
[Project Description]
WebsitePanel is a free, open source, and easy to use control panel for Windows hosting. It allows you to manage multiple servers, has a robust, scalable and secure architecture. With WebsitePanel you can easily manage all your web sites, FTP accounts, databases and other resources from a single place.
[Summary]
Due to a parameter filtering weakness any supplied input is accepted; as result redirects a user to the parameter value without any validation.
[Vulnerability Details]
https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>/file.exe>
[Time-line]
24/04/2012 - Vendor notified
26/04/2012 - Vendor responded
04/07/2012 - Vendor patch released
07/07/2012 - Public disclosure
[Reference URL]
http://websitepanel.codeplex.com/workitem/224
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed