WebsitePanel CMS Open Redirect



EKU-ID: 2427 CVE: OSVDB-ID:
Author: Anastasios Monachos Published: 2012-07-09 Verified: Verified

=======================================================================
WebsitePanel CMS - Open Redirect
=======================================================================

Affected Application : WebsitePanel
Severity             : Very Low
Local/Remote         : Remote
Vulnerable url       : https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
Affected Version     : < 1.2.2.1
Discovered by        : Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]

[Project Description]

WebsitePanel is a free, open source, and easy to use control panel for Windows hosting. It allows you to manage multiple servers and has a robust, scalable and secure architecture. With WebsitePanel you can easily manage all your web sites, FTP accounts, databases and other resources from a single place.

[Summary]

Due to a parameter filtering weakness, any value supplied in the ReturnUrl parameter is accepted; as a result, the application redirects the user to that value without any validation.


[Vulnerability Details]

https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>/file.exe
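The server-side check that closes this class of bug, added here as an illustration and not WebsitePanel's own code (Python rather than ASP.NET; the parameter name ReturnUrl comes from the advisory, while the default landing path and the rejection of absolute same-host URLs are assumptions of this example):

```python
from urllib.parse import parse_qs, urlsplit

# Assumed post-login page used whenever ReturnUrl is missing or rejected.
DEFAULT_LANDING = "/Default.aspx?pid=Home"


def is_local_return_url(return_url: str) -> bool:
    """Accept only a same-site, path-relative target such as
    "/Default.aspx?pid=Websites". Everything else, including the
    advisory's "http://<any_domain>", is rejected."""
    if not return_url:
        return False
    # Control characters and whitespace are treated differently by
    # browsers and URL parsers; refuse them rather than reason about them.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in return_url):
        return False
    # Must begin with exactly one forward slash. This rejects absolute
    # URLs ("http://..."), protocol-relative URLs ("//evil.example") and
    # the backslash variant ("/\evil.example") that some browsers
    # normalise to "//evil.example".
    if not return_url.startswith("/"):
        return False
    if len(return_url) > 1 and return_url[1] in ("/", "\\"):
        return False
    # Belt and braces: a parsed local path has neither scheme nor host.
    parts = urlsplit(return_url)
    return parts.scheme == "" and parts.netloc == ""


def post_login_target(query_string: str) -> str:
    """Resolve the ReturnUrl from the login page's query string
    (e.g. "pid=Login&ReturnUrl=...") to a safe redirect target."""
    params = parse_qs(query_string, keep_blank_values=True)
    return_url = params.get("ReturnUrl", [""])[0]
    return return_url if is_local_return_url(return_url) else DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed inputs mirroring the advisory's PoC pattern.
    for qs in ("pid=Login&ReturnUrl=http://attacker.example/file.exe",
               "pid=Login&ReturnUrl=//attacker.example",
               "pid=Login&ReturnUrl=/Default.aspx?pid=Websites",
               "pid=Login"):
        print(f"{qs!r:60} -> {post_login_target(qs)}")
```

The fixed version redirects to the supplied value only when it is a local path, so a crafted login link can no longer send the user off-site.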

[Time-line]

24/04/2012 - Vendor notified
26/04/2012 - Vendor responded
04/07/2012 - Vendor patch released
07/07/2012 - Public disclosure

[Reference URL]
http://websitepanel.codeplex.com/workitem/224