Hosting Controller 1.x Browse.ASP File Disclosure Vulnerability

2002-05-19T00:00:00
ID EDB-ID:21464
Type exploitdb
Reporter Bao Dai Nhan
Modified 2002-05-19T00:00:00

Description

Hosting Controller 1.x Browse.ASP File Disclosure Vulnerability. CVE-2002-0775. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/4778/info

Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems.

The 'browse.asp' script is prone to an issue which may allow a remote attacker to view the contents of arbitrary files and directories. The attacker must provide a malicious value as a URL parameter in a request for the affected script, which will be read with the privileges of the web server process. 

http://target/admin/browse.asp?FilePath=c:\&Opt=2&level=0