Hosting Controller Vulnerability

From: Ben M (webmasterat_private)
Date: Sat Jul 13 2002 - 08:14:12 PDT

    In Hosting Controller 2002, it is possible to change the password of any 
    user, including the Administrator.
    
    To exploit this, one would have to:
    
    Add a user (/accounts/getuserdesc.asp).
    Edit the user, changing the password (/accounts/updateuserdesc.asp).
    Then, using something like the @stake web proxy, change the hidden field 
    "username" to whatever they want (i.e., administrator) and submit the form.
    
    The vendor was notified and released a patch 
    (http://hostingcontroller.com/English/downloads/inc_updateuser.zip) 
    within 48 hours of notification (good job!).
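The root cause above is a missing server-side authorization check: the hidden "username" field, rather than the logged-in session, decides whose password gets changed. The Python below is an added illustration, not code from the original post or from Hosting Controller; the account table, handler names and session handling are constructed to model the flawed and the corrected behaviour side by side.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    password: str
    is_admin: bool = False


def make_users() -> dict:
    """Constructed sample account table (not real Hosting Controller data)."""
    return {
        "administrator": User("administrator", "admin-secret", is_admin=True),
        "alice": User("alice", "alice-pass"),
    }


def update_password_vulnerable(users: dict, session_user: str, form: dict) -> str:
    """Models the flawed handler: the hidden 'username' field alone selects
    the account, so any logged-in user can rewrite any other user's password."""
    target = form["username"]            # client-controlled, never verified
    users[target].password = form["password"]
    return target


def update_password_fixed(users: dict, session_user: str, form: dict) -> str:
    """Hardened handler: the target account is derived from the server-side
    session, and only an admin may name a different account in the form."""
    caller = users[session_user]
    target = form.get("username", session_user)
    if target != session_user and not caller.is_admin:
        raise PermissionError(f"{session_user} may not change {target}'s password")
    if target not in users:
        raise KeyError(f"unknown account {target}")
    users[target].password = form["password"]
    return target


def rejected(handler, users: dict, session_user: str, form: dict) -> bool:
    """Return True if the handler refuses the request with PermissionError."""
    try:
        handler(users, session_user, form)
    except PermissionError:
        return True
    return False
```

The same check applies to any hidden or URL parameter that names a resource: derive the principal from the session and compare it against the requested target before writing.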
    



    This archive was generated by hypermail 2b30 : Sat Jul 13 2002 - 11:12:40 PDT