[UNIX] Hosting Controller Directory Traversal Madness
From: support@securiteam.comDate: 03/23/02
- Previous message: support@securiteam.com: "[NT] Gravity Storm Service Pack Manager 2000 Share Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 23 Mar 2002 18:10:29 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Hosting Controller Directory Traversal Madness
------------------------------------------------------------------------
SUMMARY
<http://www.hostingcontroller.com/> Hosting Controller is an all in one
administrative hosting tools for Windows. It automates all hosting tasks
and gives full control of each website to the respective owners. Multiple
security vulnerabilities have been found to allow attackers to edit,
delete, create, move, etc any file they desire on the remote server.
DETAILS
Bug #1
File_editor.asp allows clients to edit their web pages online, without the
need to download, edit the pages and re-upload using FTP. File_editor.asp
is vulnerable to the /../ that allows attacker to breakout his root path
and edits any files on the hosts.
Bug #2
Folderactions.asp is also vulnerable to /../ traversal, allows attacker to
create, delete, files, directories on the server at his choice. This is
rather dangerous because Hosting Controller does not perform proper
permission checking and user right checking so the attacker can delete
anything he wants, the current patches from Hosting Controller does not
fix this.
If you combine those two bugs together then you actually can compromise
the server.
ADDITIONAL INFORMATION
The information has been provided by <mailto:dphuong@yahoo.com> Phuong
Nguyen.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Gravity Storm Service Pack Manager 2000 Share Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
