header-logo
Suggest Exploit
vendor:
Hosting Controller
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Access Vulnerability
22
CWE
Product Name: Hosting Controller
Affected Version From: Hosting Controller v6.1
Affected Version To: Hosting Controller v6.1
Patch Exists: NO
Related CWE: N/A
CPE: a:hosting_controller:hosting_controller:6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

Hosting Controller ‘browse.asp’ Script Arbitrary File Access Vulnerability

Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to an issue which may allow a remote attacker to view the contents of arbitrary files and directories. The attacker must provide a malicious value as a URL parameter in a request for the affected script, which will be read with the privileges of the web server process.

Mitigation:

Restrict access to the 'browse.asp' script and ensure that it is not accessible from untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4778/info

Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems.

The 'browse.asp' script is prone to an issue which may allow a remote attacker to view the contents of arbitrary files and directories. The attacker must provide a malicious value as a URL parameter in a request for the affected script, which will be read with the privileges of the web server process. 

http://target/admin/browse.asp?FilePath=c:\&Opt=2&level=0

Navigation

Suggest Exploit

Services By CQR