Hosting Controller resellerresources.asp jresourceid Variable SQL Injection

2005-05-27T10:30:01
ID OSVDB:16914
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2005-05-27T10:30:01

Description

Vulnerability Description

Hosting Controller contains a SQL injection flaw. The jresourceid parameter of the resellerresources.asp script (under /admin/hosting/) is placed into a SQL statement without being sanitized or bound as a parameter, so a request that supplies SQL syntax in jresourceid can alter the logic of the statement the script executes.

Solution Description

No upgrade or configuration workaround is known to correct this issue. HostingController.com has released a patch (the CustomFix archive resellerresources.zip, linked under References) to address this vulnerability.

Short Description

SQL injection via the jresourceid parameter of resellerresources.asp in Hosting Controller.

Manual Testing Notes

http://[victim]/admin/hosting/resellerresources.asp?action=2&jresourceid=1%20or%201=1

The %20 sequences decode to spaces, so the script receives jresourceid=1 or 1=1. If the request (action=2) is executed by an authenticated user, the injected "or 1=1" makes the WHERE clause of the deletion true for every row, and all reseller add-on plans are deleted instead of only the one with jresourceid=1.
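The following is an added illustration, not code from the advisory or from Hosting Controller, of why the payload above destroys every row and how parameter binding prevents it. It rebuilds the flaw in Python against an in-memory SQLite table; the table name reseller_resources, its columns and the sample plan rows are constructed assumptions, since the advisory does not disclose the real schema, and the delete statement stands in for whatever the action=2 branch of resellerresources.asp runs.

```python
import sqlite3

# Constructed sample data standing in for reseller add-on plans; the schema is
# an assumption for illustration and is not taken from Hosting Controller.
SAMPLE_PLANS = [(1, "Extra bandwidth"), (2, "Extra disk space"), (3, "SSL add-on")]

# The advisory's proof-of-concept value, URL-decoded (%20 -> space).
PAYLOAD = "1 or 1=1"


def make_db():
    """Fresh in-memory database seeded with the constructed sample plans."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reseller_resources (jresourceid INTEGER, name TEXT)")
    conn.executemany("INSERT INTO reseller_resources VALUES (?, ?)", SAMPLE_PLANS)
    conn.commit()
    return conn


def delete_vulnerable(conn, jresourceid):
    """Mirrors the flaw the advisory describes: the request parameter is
    concatenated into the statement.  With '1 or 1=1' the WHERE clause parses
    as (jresourceid = 1) OR (1=1), which is true for every row.
    Returns the number of rows deleted."""
    sql = "DELETE FROM reseller_resources WHERE jresourceid = " + jresourceid
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_fixed(conn, jresourceid):
    """Hardened form: the value is validated as an integer and then bound as a
    parameter, so it can never be parsed as SQL.  Returns rows deleted."""
    if not jresourceid.isdigit():
        raise ValueError("jresourceid must be a positive integer")
    cur = conn.execute(
        "DELETE FROM reseller_resources WHERE jresourceid = ?",
        (int(jresourceid),),
    )
    conn.commit()
    return cur.rowcount


def remaining(conn):
    """Rows still present in the plan table."""
    return conn.execute("SELECT COUNT(*) FROM reseller_resources").fetchone()[0]


def demo():
    """Run the payload against both versions.
    Returns (deleted_vulnerable, left_vulnerable, deleted_fixed, left_fixed)."""
    vuln = make_db()
    deleted_vuln = delete_vulnerable(vuln, PAYLOAD)   # every plan is gone
    fixed = make_db()
    try:
        deleted_fixed = delete_fixed(fixed, PAYLOAD)
    except ValueError:
        deleted_fixed = 0                              # payload rejected
    return deleted_vuln, remaining(vuln), deleted_fixed, remaining(fixed)


if __name__ == "__main__":
    print(demo())
```

Running demo() deletes all three sample rows through the concatenated statement and none through the bound one; a legitimate value such as "1" deletes exactly one row in the hardened version. The same result follows on SQL Server or Access behind classic ASP, which is why the fix for this class of bug is parameter binding (ADO command parameters in ASP) together with type validation of the identifier, not quoting or keyword filtering.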

References:

Vendor URL: http://www.hostingcontroller.com/
Vendor Specific Solution URL: http://hostingcontroller.com/english/downloads/CustomFix/resellerresources.zip
Vendor Specific News/Changelog Entry: http://forum.hostingcontroller.com/viewforum.asp?forum_id=2&cat_id=1&topic_id=3850&cat_name=General+Discussions&topic_name=Hosting+Controller+%22jresourceid%22+SQL+Injection+Vul&mode=iVRjLgbcVP&c_status=sNYfR&t_status=sNYfR
Security Tracker: 1014071
Secunia Advisory ID: 15540
Related OSVDB ID: 16915
CVE: CVE-2005-1788
Bugtraq ID: 13806