exploit the possibilities

Innovative WebPAC Pro 2.0 Open Redirect

Innovative WebPAC Pro 2.0 Open Redirect
Posted Mar 15, 2015
Authored by Wang Jing

Innovative WebPAC Pro version 2.0 suffers from non-validated redirects and forwards.

tags | exploit
MD5 | 69a036fab183c6f845e0dcd090f48fbc

Innovative WebPAC Pro 2.0 Open Redirect

Change Mirror Download
*Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL
Redirection) Security Vulnerabilities*


Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL
Redirection Security Vulnerabilities
Vendor: Innovative Interfaces Inc
Product: WebPAC Pro
Vulnerable Versions: 2.0
Tested Version: 2.0
Advisory Publication: March 14, 2015
Latest Update: March 14, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect')
[CWE-601]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Discover and Author: Wang Jing [CCRG, Nanyang Technological University
(NTU), Singapore]







*Suggestion Details:*


*(1) Vendor & Product Description:*


*Vendor:*
Innovative Interfaces Inc


*Product & Version:*
WebPAC Pro
2.0


*Vendor URL & Download:*
WebPAC Pro can be got from here,
http://www.iii.com/products/webpac_pro.shtml
http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/


*Libraries that have installed WebPac Pro:*
https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro


*Product Introduction Overview:*
"Today, some libraries want to enhance their online presence in ways that
go beyond the traditional OPAC and the "library portal" model to better
integrate the latest Web functionality. With WebPAC Pro, libraries will be
able to take advantage of the latest Web technologies and engage Web-savvy
users more effectively than ever before. WebPAC Pro is a complete update of
the Web OPAC interface"

"WebPAC Pro breaks through the functional and design limitations of the
traditional online catalog. Its solid technology framework supports tools
for patron access such as Spell Check; integrated Really Simple Syndication
(RSS) feeds; a suite of products for seamless Campus Computing; and deep
control over information content and presentation with Cascading Style
Sheets (CSS). WebPAC Pro is also a platform for participation when
integrated with Innovative's Patron Ratings features and Community Reviews
product. What's more, with WebPAC Pro's RightResult™ search technology, the
most relevant materials display at the top so patrons get to the specific
items or topics they want to explore immediately. WebPAC Pro can also
interconnect with Innovative's discovery services platform, Encore. And for
elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides
catalog searching, item requesting, and more."





*(2) Vulnerability Details:*
WebPAC Pro web application has a security bug problem. It can be exploited
by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could
allow a user to create a specially crafted URL, that if clicked, would
redirect a victim from the intended legitimate web site to an arbitrary web
site of the attacker's choosing. Such attacks are useful as the crafted URL
initially appear to be a web page of a trusted site. This could be
leveraged to direct an unsuspecting user to a web page containing attacks
that target client side software such as a web browser or document
rendering programs.

Other Innovative Interfaces products vulnerabilities have been found by
some other bug hunter researchers before. Innovative has patched some of
them. NVD is the U.S. government repository of standards based
vulnerability management data (This data enables automation of
vulnerability management, security measurement, and compliance (e.g.
FISMA)). It has published suggestions, advisories, solutions related to
Innovative vulnerabilities.

*(2.1) *The first code programming flaw occurs at "showres?" page with
"&url" parameter.







*References:*
http://tetraph.com/security/open-redirect/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/03/innovative-webpac-pro-20-unvalidated.html
http://www.inzeed.com/kaleidoscope/computer-web-security/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/
https://infoswift.wordpress.com/2015/03/14/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/
http://marc.info/?l=full-disclosure&m=142527148510581&w=4
http://en.hackdig.com/wap/?id=17054






--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/tetraphibious


Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    7 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close