SecurityTracker.com
SecurityTracker Archives
Category: Application (Generic) > Hosting Controller
Vendors: HostingController.com
Hosting Controller 'comgetfile.asp' Discloses Reseller Information to Remote Authenticated Users
SecurityTracker Alert ID:  1014577
SecurityTracker URL:  http://securitytracker.com/id?1014577
CVE Reference: GENERIC-MAP-NOMATCH (no CVE identifier mapped)
Date:  Jul 26 2005
Impact:  Disclosure of user information
Exploit Included:  Yes  
Version(s): Tested on 6.1 Hotfix 2.1 and 6.1 Hotfix 2.2
Description: zatuzik reported a vulnerability in Hosting Controller. A remote authenticated user can view the folders of other resellers on the system.

The 'admin/com/comgetfile.asp' script does not properly control user access: it presents the authenticated user's own folder as the starting point but does not confine subsequent navigation to that user's folder tree. A remote authenticated user can load the script directly, click on 'expand folder', navigate up one level, and then refresh to view the folders of other resellers on the system.

A demonstration exploit screen capture is available at:

http://thebestfriends.us/comgetcom.jpg

Impact:  A remote authenticated user can view other resellers on the system.
Solution:  No solution was available at the time of this entry.
Vendor URL: www.hostingcontroller.com/
Cause:  Access control error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)
Reported By:  zuzi atk <zatuzik@yahoo.com>
Message History:   None.
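The access-control error described above (and in the reporter's step-by-step message below) is a file browser that anchors the user in his own folder but lets a client-chosen path walk out of it. The following is an added example, not Hosting Controller's code and not based on comgetfile.asp's source, which is not shown on this page: a minimal directory-listing function in the vulnerable shape beside a hardened one that confines every request to the authenticated reseller's own root. The directory layout, the reseller names and the 'folder' request parameter are constructed assumptions for the demonstration.

```python
"""
Added example, not Hosting Controller's code: the "up one level" disclosure
pattern from the advisory, reproduced against a constructed directory tree,
next to a hardened listing that rejects paths outside the caller's root.
"""
import tempfile
from pathlib import Path


def build_demo_tree() -> Path:
    """Constructed layout: <root>/resellers/<reseller>/webadmin/site.txt."""
    root = Path(tempfile.mkdtemp(prefix="hc_demo_"))
    for reseller in ("reseller_a", "reseller_b"):
        d = root / "resellers" / reseller / "webadmin"
        d.mkdir(parents=True)
        (d / "site.txt").write_text(f"{reseller} site\n")
    return root


def list_folder_vulnerable(web_root: Path, user: str, folder: str) -> list:
    """Vulnerable shape: the user's folder is only the *starting point*.

    'folder' is an assumed client-supplied parameter; nothing stops '..'
    from leaving the user's own tree, so 'up one level' lands in the
    shared resellers directory and lists every other reseller.
    """
    target = (web_root / "resellers" / user / folder).resolve()
    return sorted(p.name for p in target.iterdir())


class AccessDenied(Exception):
    pass


def list_folder_hardened(web_root: Path, user: str, folder: str) -> list:
    """Hardened shape: canonicalise, then check containment in the user's root.

    The check is done on the resolved path (so '..' and symlinks are
    collapsed first), not on the raw string the client sent.
    """
    user_root = (web_root / "resellers" / user).resolve()
    target = (user_root / folder).resolve()
    if target != user_root and user_root not in target.parents:
        raise AccessDenied(f"{user} may not browse {target}")
    return sorted(p.name for p in target.iterdir())


def demo() -> dict:
    """Runs both variants as reseller_a and reports what each reveals."""
    root = build_demo_tree()
    results = {
        # Own folder: both variants should show this.
        "own_folder": list_folder_vulnerable(root, "reseller_a", "webadmin"),
        # 'Up one level' twice: out of webadmin, then out of reseller_a.
        "vulnerable_up": list_folder_vulnerable(root, "reseller_a", "webadmin/../.."),
    }
    try:
        list_folder_hardened(root, "reseller_a", "webadmin/../..")
        results["hardened_up"] = "allowed"
    except AccessDenied:
        results["hardened_up"] = "denied"
    # Moving up to the user's own root is still allowed by the hardened version.
    results["hardened_own"] = list_folder_hardened(root, "reseller_a", "webadmin/..")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable variant returns the names of every reseller folder once the caller has gone up past his own folder, which is the disclosure the advisory describes; the hardened variant raises on the same request while still allowing navigation anywhere inside the caller's own tree. The containment test must run on the canonical path: comparing the raw request string against a prefix is defeated by '..' segments and by symlinks under the web root.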


 Source Message Contents

Date:  Fri, 22 Jul 2005 21:47:29 -0700 (PDT)
From:  zuzi atk <zatuzik@yahoo.com>
Subject:  Hosting Controller

 
 
Advisory Information
-------------------------
 
Software Package   : Hosting Controller
Vendor Homepage    : http://www.hostingcontroller.com
Platforms          : Windows based servers
Vulnerable Versions: Tested on v6.1 Hotfix 2.1 and Hotfix 2.2
 
Details
---------
  This vulnerability is in admin/com/comgetfile.asp, and attackers
can view the folders of all resellers and all webadmins!
OK, now:
Log in with your account:
http://www.yoursite.com/admin
Now you see
http://www.yoursite.com/admin/main.asp
Change this URL to
http://www.yoursite.com/admin/com/comgetfile.asp
You see your webadmin folder.
- Click 'expand folder', keep clicking 'up one level', and then refresh!
Demo: http://thebestfriends.us/comgetcom.jpg
 
Credits
---------
 
Discovered on 1/7/2005, by zatuzik
zatuzik@yahoo.com
http://viethacker.org
 
 
 
 








Copyright 2005, SecurityGlobal.net LLC