Virtualizor – Privilege Escalation (R911-0030)

Type: Privilege Escalation
Impact: High
Product: Virtualizor
Website: http://www.virtualizor.com
Vulnerable Version: 2.3.0
Fixed Version: 2.3.1
CVE: -
R911: 0030
Date: 2013-06-24
By: http://www.safeornot.net / http://www.rack911.com

Product Description:

Virtualizor is a powerful web based VPS Control Panel. It supports OpenVZ, Xen PV, Xen HVM and Linux KVM virtualization. Admins can create a VPS on the fly by the click of a button. VPS users can start, stop, restart and manage their VPS using a very advanced web based GUI.

Vulnerability Description:

Virtualizor suffers from an SQL injection that allows an attacker to escalate their privileges to gain root access.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We rate this vulnerability as CRITICAL because a normal user can obtain root access.

Vulnerable Version:

This vulnerability was tested against Virtualizor v2.3.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was fixed in Virtualizor v2.3.1.

Vendor Contact Timeline:

2013-06-21: Vendor contacted via email.
2013-06-21: Vendor confirms vulnerability.
2013-06-21: Vendor issues 2.3.1 update.
2013-06-24: Safe or Not / Rack911 issues security advisory.