Ipswitch WhatsUp Professional DeviceSelection.asp Arbitrary Site Redirection

2006-05-11T09:02:38
ID OSVDB:25473
Type osvdb
Reporter David Maciejak (david.maciejak@gmail.com)
Modified 2006-05-11T09:02:38

Description

Vulnerability Description

WhatsUp Professional contains a flaw that may allow a malicious user to redirect the victim to an arbitrary website. The issue is due to the 'NmConsole/DeviceSelection.asp' script not properly sanitizing input passed via the 'sRedirectUrl' and 'sCancelURL' parameters. It is possible that the flaw may facilitate phishing attacks, effectively causing a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

WhatsUp Professional contains a flaw that may allow a malicious user to redirect the victim to an arbitrary website. The issue is due to the 'NmConsole/DeviceSelection.asp' script not properly sanitizing input passed via the 'sRedirectUrl' and 'sCancelURL' parameters. It is possible that the flaw may facilitate phishing attacks, effectively causing a loss of integrity.

Manual Testing Notes

http://[target]:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://[arbitrary]/
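As an added example, not code from the advisory or from Ipswitch, the server-side check that closes this class of flaw: accept a value for sRedirectUrl or sCancelURL only when it is an application-relative path, and reject anything a browser would resolve to another host. Written in Python for illustration; the allowed path prefixes are an assumption.

```python
# Added example (not the vendor's code): allowlist check for redirect
# parameters such as sRedirectUrl / sCancelURL in DeviceSelection.asp.
from urllib.parse import urlsplit, parse_qs, unquote

# Application-relative locations the page may legitimately return to
# (assumed for this example; a real fix would use the console's own list).
ALLOWED_PREFIXES = ("Reports/", "NmConsole/")

def is_safe_redirect(target: str) -> bool:
    """True only for a relative path inside the console.  Rejects absolute
    URLs, scheme-relative '//host' forms, backslash variants that browsers
    treat like '/', control characters, and values that do not parse."""
    if not target:
        return False
    t = unquote(target)          # catch double-encoded '%2F%2Fhost' forms
    try:
        parts = urlsplit(t)
    except ValueError:           # unparseable target: do not redirect
        return False
    if parts.scheme or parts.netloc:   # http://..., //host, javascript:...
        return False
    if t.startswith(("/", "\\")) or "\\" in t:
        return False
    if any(ord(c) < 0x20 for c in t):  # CR/LF or other control bytes
        return False
    return t.startswith(ALLOWED_PREFIXES)

def check_request(query: str) -> dict:
    """Evaluate both redirect parameters of one DeviceSelection.asp query
    string.  A parameter that is absent requests no redirect and is True."""
    params = parse_qs(query, keep_blank_values=True)
    verdict = {}
    for name in ("sRedirectUrl", "sCancelURL"):
        values = params.get(name, [])
        verdict[name] = all(is_safe_redirect(v) for v in values) if values else True
    return verdict

if __name__ == "__main__":
    # Constructed query mirroring the advisory's test case, with the
    # placeholder host replaced by an example host.
    q = "sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=http://attacker.example/"
    print(check_request(q))   # {'sRedirectUrl': True, 'sCancelURL': False}
```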

References:

Vendor URL: http://www.ipswitch.com/products/whatsup/professional/premium_vs_standard.asp
Secunia Advisory ID: 20075
Related OSVDB ID: 25474
Related OSVDB ID: 25477
Related OSVDB ID: 25470
Related OSVDB ID: 25469
Related OSVDB ID: 25471
Related OSVDB ID: 25472
Related OSVDB ID: 25475
Related OSVDB ID: 25476
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0294.html
FrSIRT Advisory: ADV-2006-1787
CVE-2006-2353