SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   Hosting Controller
Vendor:   HostingController.com
Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges
SecurityTracker Alert ID:  1016444
SecurityTracker URL:  http://securitytracker.com/id/1016444
CVE Reference:   CVE-2006-3147
Updated:  Jan 2 2009
Original Entry Date:  Jul 6 2006
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.1 Hotfix 3.1 and prior versions
Description:   Soroush Dalili from GrayHatz Security Group (GSG) reported a vulnerability in Hosting Controller. A remote user can obtain reseller privileges and then gain administrative privileges.

The 'hosting/addreseller.asp' script does not properly authenticate users. A remote user can gain reseller privileges.

A remote user can send an HTTP POST request to the '/Admin/Accounts/AccountActions.asp?ActionType=UpdateCreditLimit' script to list all resellers on the target system.

The remote user can modify the password of one of the resellers on the list. Then, logging in as that reseller, the remote user can load the user list and select a user (or create and select one if no user exists). Finally, the remote user can submit a form to the '/Admin/Check_Password.asp' script to gain administrative privileges (including HCAdmin privileges).
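The chain described above leaves a recognisable trail in the web server log: the reseller and account scripts are reached without an authenticated user, and one client touches all three scripts in sequence. The following detection script is an added example, not part of the SecurityTracker advisory or of Hosting Controller itself. It assumes IIS W3C-extended logging with the field order shown in the constructed sample, that cs-username is '-' for anonymous requests, and that legitimate use of these scripts always comes from an authenticated session; the script paths are those named in the advisory, and the sample log lines and client addresses are constructed.

```python
"""
Added example (not from the SecurityTracker advisory or Hosting Controller):
flag requests in IIS W3C-extended log lines that reach the Hosting Controller
scripts named in the advisory without an authenticated user, and report any
client that touched the whole reseller -> admin script chain.

Assumptions: the log uses the field order in FIELDS, cs-username is '-' for
anonymous requests, and legitimate use of these scripts always comes from an
authenticated session. Sample log lines below are constructed.
"""
from collections import defaultdict

# Assumed IIS field order for this log configuration.
FIELDS = ["date", "time", "c-ip", "cs-username", "cs-method",
          "cs-uri-stem", "cs-uri-query", "sc-status"]

# Scripts named in the advisory, lower-cased because IIS paths are
# case-insensitive.
RESELLER_SCRIPT = "/hosting/addreseller.asp"
ACCOUNT_SCRIPT = "/admin/accounts/accountactions.asp"
CHECK_PASSWORD_SCRIPT = "/admin/check_password.asp"
SENSITIVE = {RESELLER_SCRIPT, ACCOUNT_SCRIPT, CHECK_PASSWORD_SCRIPT}


def parse_line(line):
    """Parse one W3C log line into a dict; None for comments, blank or
    malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def is_unauthenticated_sensitive(rec):
    """True when a sensitive script is requested with no authenticated user."""
    return (rec["cs-uri-stem"].lower() in SENSITIVE
            and rec["cs-username"] == "-")


def analyze(lines):
    """Return (alerts, chain_clients) for an iterable of log lines.

    alerts: list of (c-ip, lower-cased cs-uri-stem, cs-uri-query) for every
            unauthenticated hit on a sensitive script.
    chain_clients: sorted client IPs that reached all three scripts, i.e. the
            full reseller-to-admin sequence from the advisory.
    """
    alerts = []
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        stem = rec["cs-uri-stem"].lower()
        if stem in SENSITIVE:
            seen[rec["c-ip"]].add(stem)
        if is_unauthenticated_sensitive(rec):
            alerts.append((rec["c-ip"], stem, rec["cs-uri-query"]))
    chain_clients = sorted(ip for ip, stems in seen.items() if stems == SENSITIVE)
    return alerts, chain_clients


# Constructed sample log; 203.0.113.5 and 198.51.100.9 are documentation
# addresses, and the usernames are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2006-07-06 10:00:01 203.0.113.5 - POST /hosting/addreseller.asp - 200
2006-07-06 10:00:09 203.0.113.5 - POST /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit 200
2006-07-06 10:01:30 203.0.113.5 reseller7 POST /Admin/Check_Password.asp - 302
2006-07-06 10:02:00 198.51.100.9 hcadmin GET /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit 200
"""

if __name__ == "__main__":
    found_alerts, chain = analyze(SAMPLE_LOG.splitlines())
    for ip, stem, query in found_alerts:
        print(f"ALERT unauthenticated {ip} -> {stem} {query}")
    for ip in chain:
        print(f"CHAIN {ip} reached all three scripts")
```

On the constructed sample the two anonymous POSTs from 203.0.113.5 are flagged and that client is reported as having walked the full chain, while the authenticated administrator request from 198.51.100.9 is not. The check on cs-username is the cheap first filter; the chain check catches the case where an attacker has already obtained a reseller login and the later requests look authenticated.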

Impact:   A remote user can gain reseller and administrative privileges.
Solution:   The vendor has issued a fixed version (6.1 Hotfix 3.2), available at:

http://www.hostingcontroller.com/english/downloads/HotFixV61_3_2.exe

Vendor URL:  www.hostingcontroller.com
Cause:   Access control error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


Source Message Contents

[Original Message Not Available for Viewing]
Copyright 2021, SecurityGlobal.net LLC