SecurityTracker.com Archives - Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > Hosting Controller

Vendors: HostingController.com

Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories

SecurityTracker Alert ID: 1017103

SecurityTracker URL: http://securitytracker.com/id?1017103

CVE Reference: CVE-2006-5629 , CVE-2006-5630 (Links to External Site)

Updated: Jan 2 2009

Original Entry Date: Oct 20 2006

Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Version(s): 6.1 Hotfix 3.2 and prior versions

Description: Soroush Dalili of Kapda and GSG reported several vulnerabilities in Hosting Controller. A remote user can create or delete forums and virtual directories.

The 'EnableForum.asp' and 'DisableForum.asp' scripts do not properly validate user-supplied input in the 'ForumID' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to enable or delete arbitrary forums.

Some demonstration exploit URLs are provided:

/forum/HCSpecific/DisableForum.asp?action=disableforum&ForumID=1 or 1=1

/forum/HCSpecific/EnableForum.asp?action=enableforum&ForumID=1 or 1=1

A remote user can also delete and create arbitrary virtual directories.

Some demonstration exploit URLs are provided:

/forum/HCSpecific/DisableForum.asp?action=disableforum&WSiteName=testsite.com&VDirName=test&Forum ID=1

/forum/HCSpecific/EnableForum.asp?action=enableforum&WSiteName=testsite.com&VDirName=test&ForumID=

The original advisory is available at:

http://www.kapda.ir/advisory-442.html

Impact: A remote user can execute SQL commands on the underlying database to enable or delete forums.

A remote user can create or delete arbitrary virtual directories.

Solution: The vendor has issued a fix (6.1 Hotfix 3.3).

Vendor URL: www.hostingcontroller.com (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

 

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC