Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities

Vendor: Innovative Interfaces Inc

Product: WebPAC Pro

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discoverer and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

Innovative Interfaces Inc

Product & Version:

WebPAC Pro

2.0

Vendor URL & Download:

WebPAC Pro is available from:

http://www.iii.com/products/webpac_pro.shtml

http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/

Libraries that have installed WebPac Pro:

https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal” model to better integrate the latest Web functionality. With WebPAC Pro, libraries will be able to take advantage of the latest Web technologies and engage Web-savvy users more effectively than ever before. WebPAC Pro is a complete update of the Web OPAC interface”

“WebPAC Pro breaks through the functional and design limitations of the traditional online catalog. Its solid technology framework supports tools for patron access such as Spell Check; integrated Really Simple Syndication (RSS) feeds; a suite of products for seamless Campus Computing; and deep control over information content and presentation with Cascading Style Sheets (CSS). WebPAC Pro is also a platform for participation when integrated with Innovative’s Patron Ratings features and Community Reviews product. What’s more, with WebPAC Pro’s RightResult™ search technology, the most relevant materials display at the top so patrons get to the specific items or topics they want to explore immediately. WebPAC Pro can also interconnect with Innovative’s discovery services platform, Encore. And for elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides catalog searching, item requesting, and more.”

(2) Vulnerability Details:

The WebPAC Pro web application contains an open redirect flaw that can be exploited through unvalidated redirects and forwards (URL redirection). An attacker can craft a URL that, when clicked, redirects the victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are effective because the crafted URL initially appears to point at a page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.

Vulnerabilities in other Innovative Interfaces products have been reported by other researchers before, and Innovative has patched some of them. NVD, the U.S. government repository of standards-based vulnerability management data (which enables automation of vulnerability management, security measurement, and compliance, e.g. FISMA), has published suggestions, advisories, and solutions related to Innovative vulnerabilities.

 

(2.1) The first programming flaw occurs in the “showres” page, through its “url” parameter.
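The advisory describes the flaw but not a fix. The following is an added example, not code from the advisory or from Innovative Interfaces, showing the unsafe pass-through pattern beside a hardened redirect validator, plus a small detector that runs the same validator over access-log lines to find “showres” requests whose “url” parameter points off-site. The catalogue host name, the fallback page, and the log lines are constructed for this example; only the “/showres” path and “url” parameter come from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed values for this example: the host the catalogue is served from
# and the page to fall back to when a redirect target is rejected.
CATALOG_HOST = "catalog.example.edu"
DEFAULT_TARGET = "/search"


def vulnerable_redirect_target(url_param):
    """The flawed pattern the advisory describes: the "url" parameter is used
    as the redirect destination without validation, so any host is accepted."""
    return url_param


def safe_redirect_target(url_param, default=DEFAULT_TARGET):
    """Allow only same-site destinations: a local absolute path, or an http(s)
    URL whose authority is exactly CATALOG_HOST. Anything else yields default."""
    if not url_param:
        return default
    # Browsers treat backslashes as slashes in the authority position, so
    # normalise them first; otherwise "/\host" would pass as a local path.
    parts = urlsplit(url_param.strip().replace("\\", "/"))
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default  # javascript:, data:, and other non-web schemes
    if parts.netloc:
        # Absolute or protocol-relative ("//host") URL: the authority must match
        # exactly, which also rejects userinfo tricks ("host@other") and ports.
        if parts.netloc.lower() != CATALOG_HOST:
            return default
        return urlunsplit((parts.scheme or "https", CATALOG_HOST,
                           parts.path, parts.query, parts.fragment))
    if not parts.path.startswith("/"):
        return default  # bare relative paths and forms such as "http:host"
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Matches the request line of a combined-format access log entry.
LOG_LINE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def flag_offsite_redirects(log_lines):
    """Return (line_number, url_param) for /showres requests whose url
    parameter the validator above would reject, i.e. off-site targets."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = LOG_LINE.search(line)
        if not match:
            continue
        request = urlsplit(match.group("target"))
        if request.path != "/showres":
            continue
        # parse_qs percent-decodes the parameter value for us.
        for url_param in parse_qs(request.query).get("url", []):
            if safe_redirect_target(url_param, default=None) is None:
                findings.append((number, url_param))
    return findings


# Constructed access-log lines; "attacker.invalid" is a reserved test name.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Mar/2015:10:00:01 +0000] "GET /showres?url=%2Fsearch%3Fsearchtype%3Dt HTTP/1.1" 302 -',
    '10.0.0.6 - - [14/Mar/2015:10:00:02 +0000] "GET /showres?url=http%3A%2F%2Fattacker.invalid%2Flogin HTTP/1.1" 302 -',
    '10.0.0.7 - - [14/Mar/2015:10:00:03 +0000] "GET /record=b1234567 HTTP/1.1" 200 4821',
    '10.0.0.8 - - [14/Mar/2015:10:00:04 +0000] "GET /showres?url=%2F%5Cattacker.invalid HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for number, url_param in flag_offsite_redirects(SAMPLE_LOG):
        print(f"line {number}: off-site redirect target {url_param!r}")
```

The validator deliberately compares the whole authority string rather than just the host name, so credentials, ports, and look-alike hosts are all rejected with one check; the detector reuses it so that what the application would refuse and what the log review flags are the same set of inputs.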

References:

http://tetraph.com/security/open-redirect/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/innovative-webpac-pro-20-unvalidated.html

http://www.inzeed.com/kaleidoscope/computer-web-security/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

https://infoswift.wordpress.com/2015/03/14/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/

http://marc.info/?l=full-disclosure&m=142527148510581&w=4

http://en.hackdig.com/wap/?id=17054
