Another vulnerability in hosting controller

2002-05-21T00:00:00
ID SECURITYVULNS:DOC:2959
Type securityvulns
Reporter Securityvulns
Modified 2002-05-21T00:00:00

Description

1/If admin doesn't change or delete user AdvWebadmin, the

default password of this user is advcomm500349, you can

creat your own account or use this account to hack the

server.

1/ A foolish vulnerability, i can view the harddisk by

using the file browse.asp in directory admin

www.victim.com/admin/browse.asp?FilePath=c:\&Opt=2&level=0

BAODAINHAN

baodainhan@fptnet.com

www.viethacker.net