Hosting Controller plandetails.asp hostcustid Variable SQL Injection

2005-07-15T19:11:00
ID OSVDB:17918
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2005-07-15T19:11:00

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'plandetails.asp' script not properly sanitizing user-supplied input to the 'hostcustid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Hosting Controller contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'plandetails.asp' script not properly sanitizing user-supplied input to the 'hostcustid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

http://[target]/admin/hosting/plandetails.asp?hostcustid=[ARBITRARY_PLAN_NUMBER]
http://[target]/admin/hosting/plandetails.asp?hostcustid=1 or 1=1
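The flaw class described above (a numeric request parameter concatenated into SQL text) and the tautology test value from the notes can be reproduced and checked against a hardened handler without touching the product. The following is an added example, not Hosting Controller's code; the table, column names, customer rows and access-log lines are all constructed for illustration, and the log format (timestamp, client, method, URL, status) is an assumption rather than any real server's layout.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample data standing in for a hosting-plan table (not the product's schema).
PLANS = [
    (1, "cust-a", "Basic"),
    (2, "cust-b", "Business"),
    (3, "cust-c", "Enterprise"),
]

HOSTCUSTID_PATTERN = re.compile(r"\d{1,9}")


def make_db():
    """In-memory database seeded with the constructed plan rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plans (hostcustid INTEGER, owner TEXT, plan TEXT)")
    conn.executemany("INSERT INTO plans VALUES (?, ?, ?)", PLANS)
    return conn


def plan_details_vulnerable(conn, hostcustid):
    """Same defect class as the advisory: the raw parameter becomes part of the SQL text.
    With the value '1 or 1=1' the WHERE clause is true for every row, so every
    customer's plan is returned instead of one."""
    sql = "SELECT hostcustid, owner, plan FROM plans WHERE hostcustid = " + hostcustid
    return conn.execute(sql).fetchall()


def is_valid_hostcustid(value):
    """Allow-list check: the identifier is a short positive integer and nothing else."""
    return HOSTCUSTID_PATTERN.fullmatch(value) is not None


def plan_details_hardened(conn, hostcustid):
    """Validate the type first, then bind the value as a parameter so it can never
    alter the structure of the query."""
    if not is_valid_hostcustid(hostcustid):
        raise ValueError("hostcustid must be a positive integer")
    sql = "SELECT hostcustid, owner, plan FROM plans WHERE hostcustid = ?"
    return conn.execute(sql, (int(hostcustid),)).fetchall()


# Constructed access-log lines (not from any real server).
SAMPLE_LOG = """\
2005-07-15T19:11:00 192.0.2.10 GET /admin/hosting/plandetails.asp?hostcustid=7 200
2005-07-15T19:11:04 192.0.2.10 GET /admin/hosting/plandetails.asp?hostcustid=1%20or%201=1 200
2005-07-15T19:11:09 192.0.2.23 GET /admin/hosting/plandetails.asp?hostcustid=3 200
2005-07-15T19:11:15 192.0.2.23 GET /admin/hosting/plandetails.asp?hostcustid=1'%20or%20'1'='1 500
""".splitlines()


def flag_non_numeric_hostcustid(lines):
    """Detection pass over access logs: report requests to plandetails.asp whose
    hostcustid does not satisfy the allow-list. Returns (timestamp, client, value)."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed five-field layout
        url = urlsplit(parts[3])
        if not url.path.endswith("/plandetails.asp"):
            continue
        # parse_qs percent-decodes, so '1%20or%201=1' is inspected as '1 or 1=1'
        for value in parse_qs(url.query, keep_blank_values=True).get("hostcustid", []):
            if not is_valid_hostcustid(value):
                flagged.append((parts[0], parts[1], value))
    return flagged


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, '1 or 1=1':", plan_details_vulnerable(db, "1 or 1=1"))
    print("hardened, '2':", plan_details_hardened(db, "2"))
    print("flagged log entries:", flag_non_numeric_hostcustid(SAMPLE_LOG))
```

The hardened handler applies two independent controls: an allow-list type check at the edge and a bound parameter at the database, so a bypass of one still does not let the value change the query. In the classic ASP environment the advisory concerns, the equivalent of the `?` placeholder is an ADO parameterized command rather than a string built with `&`. The log pass is the corresponding detective control: any non-integer `hostcustid` reaching `plandetails.asp` is worth an alert, whatever the response status.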

References:

Vendor URL: http://www.hostingcontroller.com/
Security Tracker: 1014496
Secunia Advisory ID: 16115
Related OSVDB ID: 17916
Related OSVDB ID: 17915
Related OSVDB ID: 17917
Nessus Plugin ID: 19254