Hosting Controller listreason.asp ListReason Variable SQL Injection

2005-07-13T05:45:31
ID OSVDB:17905
Type osvdb
Reporter Soroush Dalili(irsdl@yahoo.com)
Modified 2005-07-13T05:45:31

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'listreason.asp' script not properly sanitizing user-supplied input to the 'ListReason' variable. This may allow an authenticated remote attacker to inject or manipulate SQL queries in the backend database.
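
The pattern the description implies, as an added illustration that is not the vendor's listreason.asp code: a hypothetical classic ASP fragment that reads ListReason from the query string, with the unsafe string-concatenated query shown in comments beside a parameterized ADO query that keeps the value as data. The connection object, table and column names are assumptions.

```vbscript
<%
' Added illustration (hypothetical; not Hosting Controller's listreason.asp).
' Assumed: an open ADODB.Connection named conn and a table "Reasons" with a
' column "ReasonName". Those names are invented for this example.

Dim listReason
listReason = Request.QueryString("ListReason")

' Unsafe pattern (the class of flaw the advisory describes): the raw value is
' spliced into the SQL text, so a quote in the input alters the query itself.
' sqlText = "SELECT ReasonName FROM Reasons WHERE ReasonName = '" & listReason & "'"
' Set rs = conn.Execute(sqlText)

' Safer pattern: bind the value as a parameter. The database receives the
' query text and the value separately, so the input cannot change the query.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT ReasonName FROM Reasons WHERE ReasonName = ?"
cmd.CommandType = 1   ' adCmdText
' adVarWChar = 202, adParamInput = 1; 255 is an assumed column width
cmd.Parameters.Append cmd.CreateParameter("@ListReason", 202, 1, 255, listReason)
Set rs = cmd.Execute

' Encode output as well, so a stored value cannot be rendered as markup.
Do While Not rs.EOF
    Response.Write Server.HTMLEncode(rs("ReasonName")) & "<br>"
    rs.MoveNext
Loop
rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```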

Solution Description

Currently, there are no known workarounds or upgrades that correct this issue. However, the vendor, Advanced Communications, has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/admin/accounts/listreason.asp?ListReason=tester'%20or%20'1'='1

References:

Vendor URL: http://hostingcontroller.com
Security Tracker: 1014477
Secunia Advisory ID: 15975
Related OSVDB ID: 17899
Related OSVDB ID: 17900
Related OSVDB ID: 17901
Related OSVDB ID: 17902
Related OSVDB ID: 17903
Related OSVDB ID: 17904
Nessus Plugin ID: 19194
Bugtraq ID: 14283