Type: Privilege Escalation
Vulnerable Version: 2.3.0
Fixed Version: 2.3.1
By: http://www.safeornot.net / http://www.rack911.com
Virtualizor is a powerful web based VPS Control Panel. It supports OpenVZ, Xen PV, Xen HVM and Linux KVM virtualization. Admins can create a VPS on the fly by the click of a button, and VPS users can start, stop, restart and manage their VPS using a very advanced web based GUI.
Virtualizor suffers from an SQL injection that allows an attacker to escalate their privileges to gain root access.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as CRITICAL due to the fact that a normal user can obtain root access.
This vulnerability was tested against Virtualizor v2.3.0 and is believed to exist in all prior versions.
This vulnerability was fixed in Virtualizor v2.3.1.
Vendor Contact Timeline:
2013-06-21: Vendor contacted via email.
2013-06-21: Vendor confirms vulnerability.
2013-06-21: Vendor issues 2.3.1 update.
2013-06-24: Safe or Not / Rack911 issues security advisory.