Innovative WebPAC Pro 2.0 Open Redirect

`*Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL  
Redirection) Security Vulnerabilities*  
  
  
Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL  
Redirection Security Vulnerabilities  
Vendor: Innovative Interfaces Inc  
Product: WebPAC Pro  
Vulnerable Versions: 2.0  
Tested Version: 2.0  
Advisory Publication: March 14, 2015  
Latest Update: March 14, 2015  
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect')  
[CWE-601]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)  
Impact Subscore: 4.9  
Exploitability Subscore: 8.6  
Discover and Author: Wang Jing [CCRG, Nanyang Technological University  
(NTU), Singapore]  
  
  
  
  
  
  
  
*Suggestion Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
Innovative Interfaces Inc  
  
  
*Product & Version:*  
WebPAC Pro  
2.0  
  
  
*Vendor URL & Download:*  
WebPAC Pro can be got from here,  
http://www.iii.com/products/webpac_pro.shtml  
http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/  
  
  
*Libraries that have installed WebPac Pro:*  
https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro  
  
  
*Product Introduction Overview:*  
"Today, some libraries want to enhance their online presence in ways that  
go beyond the traditional OPAC and the "library portal" model to better  
integrate the latest Web functionality. With WebPAC Pro, libraries will be  
able to take advantage of the latest Web technologies and engage Web-savvy  
users more effectively than ever before. WebPAC Pro is a complete update of  
the Web OPAC interface"  
  
"WebPAC Pro breaks through the functional and design limitations of the  
traditional online catalog. Its solid technology framework supports tools  
for patron access such as Spell Check; integrated Really Simple Syndication  
(RSS) feeds; a suite of products for seamless Campus Computing; and deep  
control over information content and presentation with Cascading Style  
Sheets (CSS). WebPAC Pro is also a platform for participation when  
integrated with Innovative's Patron Ratings features and Community Reviews  
product. What's more, with WebPAC Pro's RightResult™ search technology, the  
most relevant materials display at the top so patrons get to the specific  
items or topics they want to explore immediately. WebPAC Pro can also  
interconnect with Innovative's discovery services platform, Encore. And for  
elegant access through Blackberry® Storm™ or iPhone™, the AirPAC provides  
catalog searching, item requesting, and more."  
  
  
  
  
  
*(2) Vulnerability Details:*  
WebPAC Pro web application has a security bug problem. It can be exploited  
by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could  
allow a user to create a specially crafted URL, that if clicked, would  
redirect a victim from the intended legitimate web site to an arbitrary web  
site of the attacker's choosing. Such attacks are useful as the crafted URL  
initially appear to be a web page of a trusted site. This could be  
leveraged to direct an unsuspecting user to a web page containing attacks  
that target client side software such as a web browser or document  
rendering programs.  
  
Other Innovative Interfaces products vulnerabilities have been found by  
some other bug hunter researchers before. Innovative has patched some of  
them. NVD is the U.S. government repository of standards based  
vulnerability management data (This data enables automation of  
vulnerability management, security measurement, and compliance (e.g.  
FISMA)). It has published suggestions, advisories, solutions related to  
Innovative vulnerabilities.  
  
*(2.1) *The first code programming flaw occurs at "showres?" page with  
"&url" parameter.  
  
  
  
  
  
  
  
*References:*  
http://tetraph.com/security/open-redirect/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/03/innovative-webpac-pro-20-unvalidated.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/  
https://infoswift.wordpress.com/2015/03/14/innovative-webpac-pro-2-0-unvalidated-redirects-and-forwards-url-redirection-security-vulnerabilities/  
http://marc.info/?l=full-disclosure&m=142527148510581&w=4  
http://en.hackdig.com/wap/?id=17054  
  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/tetraphibious  
  
  
`