Westpoint Security Advisory
---------------------------

Title:         Ektron CMS400.NET Arbitrary Redirection
Risk Rating:   Low
Platforms:     ASP.net (Windows)
Discovered by: Richard Moore and Rohan Stelling
Author:        Paul Jones
Date:          06 Oct 2009
Advisory ID#:  wp-09-0010
URL:           http://www.westpoint.ltd.uk/advisories/wp-09-0010.txt
CVE:

Overview
--------

Ektron CMS400.NET contains a flaw which allows users to be re-directed
to arbitrary locations.

Details
-------

The exploit can be demonstrated with the following URLs:

http://www.example.com/workarea/blankredirect.aspx?http://www.westpoint.ltd.co.uk

Impact
------

An attacker could supply malicious URLs which redirect users to a
different location. This site could then pose as the legitimate site
and prompt users to provide sensitive information. It could also
contain any other type of malicious content.

Timeline
--------

17 Jul 2008 Ektron informed of the vulnerability
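
A log check for the redirect described under Details, added here as an example; it is not part of the Westpoint advisory or of Ektron's code. It scans IIS W3C-style log lines for requests to blankredirect.aspx whose query string names a host other than the site's own, and it also flags scheme-relative (//host) targets, which goes beyond the single URL the advisory shows. The log layout, the sample lines and SITE_HOSTS are constructed assumptions.

```python
from urllib.parse import unquote, urlsplit

REDIRECT_STEM = "/workarea/blankredirect.aspx"  # path taken from the advisory
SITE_HOSTS = {"www.example.com"}  # assumption: hosts the site legitimately serves

# Constructed IIS W3C-style sample log (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-10-06 10:00:01 192.0.2.10 GET /workarea/blankredirect.aspx http://www.westpoint.ltd.co.uk 302
2009-10-06 10:00:05 192.0.2.11 GET /WorkArea/BlankRedirect.aspx http%3A%2F%2Fother.example.net%2Flogin 302
2009-10-06 10:00:09 192.0.2.12 GET /workarea/blankredirect.aspx /workarea/workarea.aspx 302
2009-10-06 10:00:12 192.0.2.13 GET /workarea/blankredirect.aspx http://www.example.com/default.aspx 302
2009-10-06 10:00:15 192.0.2.14 GET /workarea/blankredirect.aspx //cdn.example.org/x 302
2009-10-06 10:00:20 192.0.2.15 GET /default.aspx - 200
"""

def external_target(query):
    """Return the off-site host a redirect query points at, or None."""
    target = unquote(query).strip()
    try:
        host = urlsplit(target).hostname  # None for relative paths and "-"
    except ValueError:
        return "<unparsable>"  # malformed authority: surface it for review
    if host is None or host in SITE_HOSTS:
        return None
    return host

def find_offsite_redirects(log_text):
    """Return (client_ip, target_host) for each off-site redirect request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != REDIRECT_STEM:
            continue
        host = external_target(row.get("cs-uri-query", "-"))
        if host:
            hits.append((row["c-ip"], host))
    return hits

if __name__ == "__main__":
    for client, host in find_offsite_redirects(SAMPLE_LOG):
        print(f"{client} was sent to off-site host {host}")
```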