|
Hosting Controller Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA16115
|
|
|
Release Date:
|
2005-07-18
|
|
Last Update:
|
2005-08-17
|
|
Popularity:
|
6,184 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | Hosting Controller 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Some vulnerabilities have been discovered in Hosting Controller, which can be exploited by malicious users to gain knowledge of sensitive information, modify data, or conduct SQL injection attacks.
1) Access to the "planmanagerstep1.asp" script isn't properly restricted. This can be exploited by non-privileged users to add a plan to the database.
2) Access to the "editplanopt1.asp" script isn't properly restricted. This can be exploited by non-privileged users to make unauthorised changes to the plans in the database.
3) Input passed to the "hostcustid" parameter of "plandetails.asp" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) Access to the "IISActions.asp" script isn't properly restricted. This can be exploited by non-privileged users to add domains with unlimited quota.
5) Input passed to certain parameters in the forgot password option isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
6) An authenticated user can disable scripting for any website on the server.
The vulnerabilities have been confirmed in version 6.1 with hotfix 2.2. Prior versions may also be affected.
Solution:
Apply Hotfix 2.3.
http://hostingcontroller.com/english/logs/hotfixlogv61_2_3.html
NOTE: The hotfix does not fix the first vulnerability. Instead, edit the source code to ensure that access to the script is properly restricted.
Provided and/or discovered by:
1-4) Soroush Dalili, GrayHatz Security Group.
5-6) Reported by vendor.
Changelog:
2005-08-17: Hotfix released. Updated "Description" and "Solution" sections.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
