=======================================================================
WebsitePanel CMS - Open Redirect
=======================================================================

Affected Application 	: WebsitePanel
Severity 		: Very Low
Local/Remote		: Remote
Vulnerable url 		: https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
Affected Version	: < 1.2.2.1
Discovered by 		: Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]

[Project Description]

WebsitePanel is a free, open source, and easy to use control panel for Windows hosting. It allows you to manage multiple servers, has a robust, scalable and secure architecture. With WebsitePanel you can easily manage all your web sites, FTP accounts, databases and other resources from a single place.

[Summary]

Due to a parameter filtering weakness any supplied input is accepted; as result redirects a user to the parameter value without any validation. 


[Vulnerability Details]

https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>/file.exe>

[Time-line]

24/04/2012 - Vendor notified
26/04/2012 - Vendor responded
04/07/2012 - Vendor patch released
07/07/2012 - Public disclosure

[Reference URL]
http://websitepanel.codeplex.com/workitem/224