InterWorx Web Control Panel Cross Site Scripting

2014-02-22T00:00:00
ID PACKETSTORM:125344
Type packetstorm
Reporter Eric Flokstra
Modified 2014-02-22T00:00:00

Description

                                        
                                            `==============================================  
Product: InterWorx Web Control Panel  
Vendor: InterWorx LLC  
Tested Version: 5.0.12 build 569  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: CVE-2014-2035  
Risk Level: Medium  
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Solution Status: Fixed in Version 5.0.13 build 574  
Discovered and Provided: Eric Flokstra (www.itsec.nl)  
==============================================  
  
About the Vendor  
-------------------------  
The InterWorx Hosting Control Panel is a web hosting and linux server  
management system that provides tools for server administrators to  
command their servers and for end users to oversee the operations of  
their website.  
  
Advisory Details:  
-------------------------  
Reflected cross-site scripting (XSS) vulnerability in the InterWorx  
Web Control Panel.  
  
The application uses XMLHttpRequests to post messages to the web  
server. However, insufficient output encoding is performed enabling  
remote execution of arbitrary scripting code in the target's web  
browser. By changing the request method from POST to GET the following  
URL could be used as proof of concept:  
  
http://demo.interworx.com:2080/xhr.php?i={%22r%22%3a%22Form_InputValidator%22%2c%22i%22%3a{%22form%22%3a%22Form_NW_Shell_ForbiddenUsers%22%2c%22ctrl%22%3a%22\%2fnodeworx\%2fshell%3Cimg%20src%3dx%20onerror%3dalert%28%27XSS%27%29%3E%22%2c%22input%22%3a%22forbidden_unix_users%22%2c%22value%22%3a%22moi%22%2c%22where_was_i%22%3a%22%2fnodeworx%2fshell%22}}  
  
Vendor contact timeline:  
------------------------------------  
18 Feb 2014: Vendor notification  
18 Feb 2014: Vulnerability confirmation  
19 Feb 2014: Issue patched  
20 Feb 2014: Public disclosure  
  
Solution:  
------------  
Upgrade to the latest version (5.0.13 build 574) of InterWorx Web Control Panel.  
  
References:  
-----------------  
[1] InterWorx Changelog - http://www.interworx.com/developers/changelog/  
[2] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org  
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org  
`