Bug in HC

2005-12-16T00:00:00
ID SECURITYVULNS:DOC:10656
Type securityvulns
Reporter Securityvulns
Modified 2005-12-16T00:00:00

Description

                        In GOD We Trust
              Kachal667 Under9round Team (KuT)

Hi, here's my (LrK) new advisory about Hosting Controller.

Hosting Controller - cross-site scripting (CSS/XSS) vulnerabilities

Found date : Pri8 Public Date: 02/11/2005

Summary

Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wide range of hosting tasks and provides control of each hosted site to the respective owners. Hosting Controller is now widely used by hosting providers and can be found at http://www.hostingcontroller.com.

HostingController was tested (probably all prior versions are affected as well).

Vulnerability

Impact: An attacker may be able to place a message, an image or other content of their own on a page that was not intended to show attacker-controlled content, and to inject script that runs in the browser of whoever opens the crafted link, including administrators, which can be leveraged against the administration of hosted sites. This affects the latest version of HostingController.

Lone Rider Knight

Details

Vulnerability

Hosting Controller has a security flaw which allows outside attackers to inject their own HTML or script into a page: the "error" parameter of error.asp is written back into the response without being encoded (cross-site scripting, called CSS in this advisory).

Sample URLs that trigger the injection (the first is a harmless probe tag to confirm that the value is reflected unencoded; the other two inject an attacker-supplied image, i.e. a defacement):

http://www.eg.com/admin/hosting/error.asp?error=<salam!>
http://www.eg.com/admin/hosting/error.asp?error=<IMG%20height=340%20src="http://eg.com/Deface/deface.jpg"%20width="596">
http://www.eg.com/hosting/error.asp?error=<IMG%20height=340%20src="http://eg.com/Deface/deface.jpg"%20width="596">

The "admin/hosting" and "hosting" directories in the sample URLs are only examples of where the HostingController scripts live on the sample domain. The actual directory name, such as "admin" or "hostingcontroller", must be discovered for each "eg.com" and substituted into the URLs above.
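The following is an added example, not code from the advisory and not Hosting Controller's own code. It shows, with the advisory's own payloads, what the flaw looks like and how to check for it: a hypothetical stand-in for error.asp that echoes the "error" value raw, the same page with the value HTML-encoded, a differential check that reports which tags a payload managed to introduce, and a URL builder that percent-encodes the payload the way the advisory's sample URLs do (space as %20). The host www.eg.com and the "admin/hosting" prefix are the advisory's placeholders; the render_* functions are assumptions, not the real ASP page.

```python
"""Reflected-XSS check for an unencoded error-page parameter.

Added example for this advisory; it is not Hosting Controller's code and not
the advisory author's. The two render_* functions are hypothetical stand-ins
for error.asp: one concatenates the ?error= value into the HTML unchanged
(the behaviour the advisory describes), the other HTML-encodes it first.
"""
import html
import re
from urllib.parse import quote, urlencode
from urllib.request import urlopen

# Payloads from the advisory (spaces written out; the URLs there use %20).
PROBE_TAG = "<salam!>"
PROBE_IMG = '<IMG height=340 src="http://eg.com/Deface/deface.jpg" width="596">'

# The advisory's placeholder host; the "admin/hosting" prefix is
# deployment-specific, as the advisory notes.
EXAMPLE_BASE = "http://www.eg.com/admin/hosting/error.asp"


def render_error_vulnerable(error):
    """Hypothetical error.asp that echoes the parameter raw into the markup."""
    return "<html><body><p>Error: " + error + "</p></body></html>"


def render_error_hardened(error):
    """Same page with the value HTML-encoded before it reaches the markup."""
    return "<html><body><p>Error: " + html.escape(error, quote=True) + "</p></body></html>"


def build_probe_url(base, param, payload):
    """Query string with the payload percent-encoded; quote (not quote_plus)
    turns a space into %20 rather than '+', matching the advisory's URLs."""
    return base + "?" + urlencode({param: payload}, quote_via=quote)


def reflected_unencoded(body, probe):
    """True when the probe appears verbatim, tags intact, in the response."""
    return probe in body


def tag_names(body):
    """Lower-cased names of all opening tags in an HTML body."""
    return {m.lower() for m in re.findall(r"<([A-Za-z][A-Za-z0-9]*)", body)}


def tags_added_by(render, payload, benign="x"):
    """Differential check: tags present for the payload that a benign value
    does not produce. Any non-empty result means markup was injected."""
    return tag_names(render(payload)) - tag_names(render(benign))


def probe_live(base, param="error", payload=PROBE_TAG, timeout=10):
    """Fetch a real target and report whether the probe is reflected raw.
    Uses the network; only run it against a host you are authorised to test."""
    with urlopen(build_probe_url(base, param, payload), timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "latin-1"
        body = resp.read().decode(charset, "replace")
    return reflected_unencoded(body, payload)


if __name__ == "__main__":
    for name, render in (("vulnerable", render_error_vulnerable),
                         ("hardened", render_error_hardened)):
        body = render(PROBE_IMG)
        print(name, "reflected raw:", reflected_unencoded(body, PROBE_IMG),
              "injected tags:", sorted(tags_added_by(render, PROBE_IMG)))
    print("probe URL:", build_probe_url(EXAMPLE_BASE, "error", PROBE_TAG))
```

The differential check is the part worth keeping: comparing the tag set of the response for the payload against the tag set for a benign value avoids false positives from the page's own markup, and it flags any injected element, not only the IMG used in the advisory. The fix the hardened function shows is the one that matters here, encoding the value at the point it is written into HTML; filtering particular tags on the way in is not a substitute.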

Lone Rider Knight