=======================================================================
WebsitePanel CMS - Open Redirect
=======================================================================

Affected Application : WebsitePanel
Severity             : Very Low
Local/Remote         : Remote
Vulnerable url       : https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
Affected Version     : < 1.2.2.1
Discovered by        : Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]

[Project Description]

WebsitePanel is a free, open source, and easy to use control panel for Windows hosting. It allows you to manage multiple servers and has a robust, scalable and secure architecture. With WebsitePanel you can easily manage all your web sites, FTP accounts, databases and other resources from a single place.

[Summary]

Because the ReturnUrl parameter is not filtered, any supplied value is accepted; as a result, after login the application redirects the user to the parameter value without any validation.

[Vulnerability Details]

https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>
https://hosting/Default.aspx?pid=Login&ReturnUrl=http://<any_domain>/file.exe

[Time-line]

24/04/2012 - Vendor notified
26/04/2012 - Vendor responded
04/07/2012 - Vendor patch released
07/07/2012 - Public disclosure

[Reference URL]

http://websitepanel.codeplex.com/workitem/224
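The missing validation described above, as an added illustration that is not part of the advisory or of WebsitePanel's own code: a ReturnUrl check that accepts only a same-origin path and falls back to a fixed landing page otherwise. The sample values, the landing page name and the function names are assumptions constructed for this example.

```python
from typing import Optional
from urllib.parse import urlsplit, unquote

# Constructed sample values: the advisory's payload shapes plus common
# variants that a naive "starts with a slash" check would let through.
SAMPLE_RETURN_URLS = {
    "/Default.aspx?pid=Home": True,
    "http://<any_domain>": False,            # payload shape from the advisory
    "http://<any_domain>/file.exe": False,   # payload shape from the advisory
    "//evil.example": False,                 # protocol-relative URL
    "/\\evil.example": False,                # browsers normalise "/\" to "//"
    "/%2F%2Fevil.example": False,            # percent-encoded protocol-relative
    "javascript:alert(1)": False,            # scheme instead of a path
    " /Default.aspx": False,                 # leading whitespace (browsers strip it)
    "/\tDefault.aspx": False,                # embedded control character
    "": False,
}

DEFAULT_LANDING = "/Default.aspx"  # assumed post-login page


def is_local_return_url(url: str) -> bool:
    """True only for a same-origin absolute path such as "/Default.aspx?pid=Home".

    Rejects absolute URLs, protocol-relative URLs ("//host"), backslash
    variants ("/\\host"), encoded slashes, and whitespace or control characters.
    """
    if not url or len(url) > 2048:
        return False
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    decoded = unquote(url)  # decode once so "%2F%2Fhost" is seen as "//host"
    if not decoded.startswith("/"):
        return False
    if len(decoded) > 1 and decoded[1] in "/\\":
        return False
    if "\\" in decoded:
        return False
    parts = urlsplit(decoded)
    # A genuinely relative path carries neither a scheme nor an authority.
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(return_url: Optional[str], fallback: str = DEFAULT_LANDING) -> str:
    """Return ReturnUrl when it is local, otherwise the fixed fallback page."""
    if return_url and is_local_return_url(return_url):
        return return_url
    return fallback
```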