ZH2003-23SA (security advisory): HostAdmin Path Disclosure

From: G00db0y (G00db0y_at_zone-h.org)
Date: 08/12/03

    Date: 12 Aug 2003 17:12:41 -0000
    To: bugtraq@securityfocus.com

    Published: 12 August 2003

    Released: 12 August 2003

    Name: HostAdmin

    Affected Systems: current version

    Issue: Remote attackers can learn the installation path of the site

    Author: G00db0y@zone-h.org

    Vendor: http://dreamcost.com/?page=hostadmin

    Description

    ***********

    Zone-h Security Team has discovered a flaw in HostAdmin (and older
    versions?). "HostAdmin is based on PHP, MySQL, and uses HTML templates
    and CSS (Cascading Style Sheets) which can be modified for site-wide
    changes by any novice".

    Details

    *******
     
    It's possible to make a malformed HTTP request to HostAdmin and in doing so
    trigger an error. The resulting error message discloses potentially
    sensitive installation path information to the remote attacker.

    Example:

    http://www.site.com/pathofhostadmin/?page='

    Solution:

    *********

    The vendor has been contacted; no patch has been produced yet.

    Suggestions:

    ************

    Filter the ' character.
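    The following is an added example (not HostAdmin's code, which this
    advisory does not show) of how a PHP front controller can handle the
    ?page= parameter so that a malformed value such as ?page=' is rejected
    before it reaches the filesystem, and so that any PHP error that does
    occur is logged server-side instead of being printed with the absolute
    path. The template names and the templates/ directory are assumptions.

```php
<?php
// Added example, not HostAdmin's own code: hardened handling of ?page=.

// Never send PHP error text to the client; keep it in the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Allowlist of template names this installation serves (constructed values).
const ALLOWED_PAGES = ['home', 'hostadmin', 'support', 'contact'];

// Returns the validated page name, or null when the request is malformed.
function resolvePage(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return 'home';
    }
    // Only a short lowercase identifier is acceptable. This rejects the
    // quote in ?page=' and also ../, NUL bytes and absolute paths.
    if (!preg_match('/^[a-z][a-z0-9_-]{0,31}$/', $raw)) {
        return null;
    }
    return in_array($raw, ALLOWED_PAGES, true) ? $raw : null;
}

// Map any PHP warning/notice to a generic response; the default message
// would otherwise include the absolute file path of the failing script.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log("page handler error: $errstr in $errfile:$errline"); // server log only
    http_response_code(500);
    echo 'An internal error occurred.';
    exit;
});

$page = resolvePage($_GET['page'] ?? null);
if ($page === null) {
    http_response_code(400);
    echo 'Invalid page request.';   // no file name, no path, no echo of the input
    exit;
}

// Only an allowlisted name ever reaches the filesystem.
$template = __DIR__ . '/templates/' . $page . '.php';
if (!is_file($template)) {
    error_log("missing template for page '$page'");
    http_response_code(404);
    echo 'Page not found.';
    exit;
}
require $template;
```

    The allowlist check does more than filtering the ' character alone: it
    also keeps any other unexpected input out of include paths and error
    messages.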

    G00db0y - www.zone-h.org admin

    Original advisory here: http://www.zone-h.org/en/advisories/read/id=2878/

