HostBill – Email Templates CSRF/XSS Admin Hijack Vulnerability (R911-0131)

Type: CSRF / XSS
Location: Remote
Impact: High
Product: HostBill
Website: http://www.hostbillapp.com
Vulnerable Version: 2014-02-24
Fixed Version: 2014-03-03
CVE: -
R911: 0131
Date: 2014-03-04
By: Rack911

Product Description:

Whether you resell hosting or lease colocation space, you need to bill your customers. HostBill platform's core components are designed to help you acquire customers, automate your services and ensure that invoices are paid on time.

Vulnerability Description:

Due to both a CSRF and an XSS vulnerability present within the Email Templates configuration page, it is possible for a malicious user to hijack staff accounts with minimal effort.

For example, the malicious user could submit a trouble ticket asking the staff member to check his website. Once the staff member views the website, the malicious CSRF and XSS code will be executed against HostBill, resulting in the session information being sent to the malicious user and thus allowing unauthorized access to the staff account within HostBill.
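The two defects described above are independent, and the fix for each is routine. As an added illustration (not HostBill's code; the endpoint name, form fields and session store below are assumptions), the following Python handler shows the pattern that closes both: a state-changing request to the template page is rejected unless it carries a per-session CSRF token, and every stored template value is HTML-escaped when rendered back into the admin interface.

```python
import hmac
import html
import secrets


class CsrfError(Exception):
    """Raised when a state-changing request lacks a valid anti-CSRF token."""


def new_session():
    # Constructed stand-in for a staff login session. The token is generated
    # once per session and must be echoed back by every form the session submits.
    return {"csrf_token": secrets.token_hex(32), "templates": {}}


def save_email_template(session, form):
    """Hypothetical handler for the email-template save endpoint.

    `form` is the parsed POST body. A cross-site request cannot read the
    session's token, so a forged submission fails this check before any
    template is written.
    """
    submitted = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        raise CsrfError("missing or mismatched CSRF token")
    name = form.get("name", "")
    body = form.get("body", "")
    session["templates"][name] = body
    return name


def render_template_list(session):
    """Build the admin listing; every stored value is escaped on output.

    Escaping at render time neutralises markup regardless of how the value
    got into storage, which is what stops a stored XSS from executing in a
    staff member's browser.
    """
    rows = []
    for name, body in session["templates"].items():
        rows.append(
            "<tr><td>%s</td><td>%s</td></tr>"
            % (html.escape(name, quote=True), html.escape(body, quote=True))
        )
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    s = new_session()
    # Constructed forged request: no token, so it must be refused.
    try:
        save_email_template(s, {"name": "x", "body": "y"})
    except CsrfError as e:
        print("rejected:", e)
    # Legitimate request from the staff member's own page carries the token.
    save_email_template(
        s, {"csrf_token": s["csrf_token"], "name": "<b>Welcome</b>", "body": "Hi"}
    )
    print(render_template_list(s))
```

The test input `<b>Welcome</b>` is a constructed sample used only to confirm the escaping; the same `html.escape` call covers any markup a template name or body might contain.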

Impact:

We rate this vulnerability HIGH because staff account(s) can be hijacked.

Vulnerable Version:

This vulnerability was tested against HostBill 2014-02-24.

Fixed Version:

This vulnerability was patched in HostBill 2014-03-03.

Vendor Contact Timeline:

2014-03-03: Vendor contacted via email.
2014-03-03: Vendor confirms vulnerability.
2014-03-03: Vendor issues 2014-03-03 update.
2014-03-04: Rack911 issues security advisory.