-Vulnerable versions: all HC versions.

1. Database directory traversal:
By adding slash dot dot, the user can view the files and folders located on the system and can add a DSN outside the user's root directory.

http://www.target.com/admin/dsn/dsnmanager.asp?DSNAction=ChangeRoot&RootName=D:\webspace\opendnsserver\target\target.com\db\..\..\..\..\

2. Any user can bypass authorization to take control of any files on the system:
This vulnerability is in the /import/imp_rootdir.asp file, which lets any user copy or delete files and folders on the system. The user can easily take control of any files just by changing the import directory:

http://www.target.com/admin/import/imp_rootdir.asp?result=1&www=C:\&ftp=C:\&owwwPath=C:\&oftpPath=C:\

-Exploit: By default, advwebadmin is in the Administrator group, so any scripts run under the /admin directory will have administrator privilege on the system root. The user can upload malicious script code to the /admin directory and execute arbitrary commands via the browser.

-Workaround: look for the newest patch for HC from www.hostingcontroller.com

KHA
hdlkhaat_private
http://www.viethacker.net
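Added example (not part of the original advisory and not Hosting Controller code): a log-review check that resolves the path parameters of the two URLs above and reports any that fall outside an account's root directory. The per-account root and the sample request lines are constructed assumptions.

```python
import ntpath
from urllib.parse import urlsplit, parse_qsl

# Path-carrying parameters of the two pages named in the advisory.
PATH_PARAMS = {
    "/admin/dsn/dsnmanager.asp": {"rootname"},
    "/admin/import/imp_rootdir.asp": {"www", "ftp", "owwwpath", "oftppath"},
}

def escapes_root(path, root):
    """True if a Windows path, after '..' is resolved, is not under root."""
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(root))
    # Compare with a trailing separator so 'target.com2' is not taken
    # for a child of 'target.com'.
    return norm != base and not norm.startswith(base.rstrip("\\") + "\\")

def audit_request(uri, user_root):
    """Return [(param, value)] for path parameters that leave user_root."""
    parts = urlsplit(uri)
    wanted = PATH_PARAMS.get(parts.path.lower())
    if not wanted:
        return []
    return [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() in wanted and escapes_root(v, user_root)]

# Assumed root of the logged-in account (constructed for this example).
USER_ROOT = "D:\\webspace\\opendnsserver\\target\\target.com"

# Constructed request lines modelled on the advisory's URLs, plus a benign one.
SAMPLE = [
    "/admin/dsn/dsnmanager.asp?DSNAction=ChangeRoot&RootName="
    "D:\\webspace\\opendnsserver\\target\\target.com\\db\\..\\..\\..\\..\\",
    "/admin/import/imp_rootdir.asp?result=1&www=C:\\&ftp=C:\\"
    "&owwwPath=C:\\&oftpPath=C:\\",
    "/admin/dsn/dsnmanager.asp?DSNAction=ChangeRoot&RootName="
    "D:\\webspace\\opendnsserver\\target\\target.com\\db",
]

if __name__ == "__main__":
    for uri in SAMPLE:
        hits = audit_request(uri, USER_ROOT)
        print("FLAG" if hits else "ok  ", uri.split("?")[0], hits)
```

The same containment test belongs on the server side before either page acts on a supplied path.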
This archive was generated by hypermail 2b30 : Fri May 17 2002 - 09:57:54 PDT