Bug in HC

2005.12.16
Risk: Low
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

In GOD We Trust Kachal667 Under9round Team (KuT) Hi, Here's my(LrK) new advisory about Hosting Controller. Hosting Controller - CSS vulnerabilities Found date : Pri8 Public Date: 02/11/2005 Summary ------- Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wide range of hosting tasks and provides control of each hosted site to the respective owners. Hosting Controller is now widely used by hosting providers and can be found at http://www.hostingcontroller.com. HostingController was tested. (Probably all prior versions) Vulnerability Impact: An attacker may be able to put him message or photo or .. not intended to be publically accessible and upload scripts to manipulate files and control administration of sites using the latest version of HostingController. Lone Rider Knight Details ------- Vulnerability Hosting Controller has a security flaw which allows outside attackers to Put her message with css Sample scripts that allow browsing anywhere on the server: http://www.eg.com/admin/hosting/error.asp?error=<salam!> http://www.eg.com/admin/hosting/error.asp?error=<IMG%20height=340%20src= "http://eg.com/Deface/deface.jpg"%20width="596"> http://www.eg.com/hosting/error.asp?error=<IMG%20height=340%20src="http: //eg.com/Deface/deface.jpg"%20width="596"> The directory "hc" is an example of the path to the HostingController script on the sample domain. The actual "hc" directory name -- such as "admin" or "hostingcontroller" -- must be discovered for each "eg.com" and replaced in the above URL scripts. Lone Rider Knight


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top