Hosting Controller 'EnableForum.asp' and 'DisableForum.asp' Scripts Let Remote Users Create or Delete Forums and Virtual Directories
SecurityTracker Alert ID: 1017103
SecurityTracker URL: http://securitytracker.com/id?1017103
CVE Reference: CVE-2006-5629, CVE-2006-5630
Updated: Jan 2 2009
Original Entry Date: Oct 20 2006
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 6.1 Hotfix 3.2 and prior versions
Description: Soroush Dalili of Kapda and GSG reported several vulnerabilities in Hosting Controller. A remote user can create or delete forums and virtual directories.
The 'EnableForum.asp' and 'DisableForum.asp' scripts do not properly validate user-supplied input in the 'ForumID' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to enable or delete arbitrary forums.
Some demonstration exploit URLs are provided:
/forum/HCSpecific/DisableForum.asp?action=disableforum&ForumID=1 or 1=1
/forum/HCSpecific/EnableForum.asp?action=enableforum&ForumID=1 or 1=1
A remote user can also delete and create arbitrary virtual directories.
Some demonstration exploit URLs are provided:
/forum/HCSpecific/DisableForum.asp?action=disableforum&WSiteName=testsite.com&VDirName=test&ForumID=1
/forum/HCSpecific/EnableForum.asp?action=enableforum&WSiteName=testsite.com&VDirName=test&ForumID=
The original advisory is available at:
http://www.kapda.ir/advisory-442.html
Impact: A remote user can execute SQL commands on the underlying database to enable or delete forums.
A remote user can create or delete arbitrary virtual directories.
Solution: The vendor has issued a fix (6.1 Hotfix 3.3).
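A log review for the requests described in this alert, as an added example that is not part of the original advisory or the vendor's code: it flags requests to the two scripts whose 'ForumID' is not purely numeric or that carry 'WSiteName' or 'VDirName'. The log lines and their field order are constructed assumptions; adjust the field positions to the server's actual W3C log configuration.

```python
import re
from urllib.parse import parse_qs

# Scripts named in the advisory (matched case-insensitively, as IIS does).
SCRIPTS = ("/forum/hcspecific/enableforum.asp", "/forum/hcspecific/disableforum.asp")
NUMERIC = re.compile(r"\d+")

# Constructed sample lines. Assumed field order:
# date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
SAMPLE_LOG = """\
2006-10-21 10:02:11 GET /forum/HCSpecific/EnableForum.asp action=enableforum&ForumID=7 192.0.2.10 200
2006-10-21 10:05:40 GET /forum/HCSpecific/DisableForum.asp action=disableforum&ForumID=1%20or%201=1 198.51.100.7 200
2006-10-21 10:06:02 GET /forum/HCSpecific/EnableForum.asp action=enableforum&WSiteName=testsite.com&VDirName=test&ForumID= 198.51.100.7 200
2006-10-21 10:07:15 GET /forum/default.asp - 192.0.2.10 200
"""

def classify(stem, query):
    """Return the list of reasons a request deserves review (empty if none)."""
    if stem.lower() not in SCRIPTS:
        return []
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    reasons = []
    # A forum identifier should be digits only; anything else (including an
    # empty value) is not a normal request to these scripts.
    if any(not NUMERIC.fullmatch(v) for v in params.get("forumid", [])):
        reasons.append("non-numeric ForumID")
    # Parameters the advisory ties to virtual directory creation/deletion.
    if "wsitename" in params or "vdirname" in params:
        reasons.append("virtual directory parameters")
    return reasons

def scan(log_text):
    """Return (client_ip, stem, reasons) for each flagged log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header lines and malformed entries
        _, _, _, stem, query, client, _ = fields
        reasons = classify(stem, "" if query == "-" else query)
        if reasons:
            hits.append((client, stem, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits on a server still running 6.1 Hotfix 3.2 or earlier are worth correlating with unexpected forum or virtual directory changes.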
Vendor URL: www.hostingcontroller.com
Cause: Access control error, Input validation error
Underlying OS: Windows (Any)
Message History:
None.