| VID |
28118 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Hosting Controller which is older than version 6.1 Hotfix 2.3 is detected as installed on the host. Hosting Controller is a Web hosting automation tool for Microsoft Windows platforms. Hosting Controller versions prior to 6.1 Hotfix 2.3 are vulnerable to an unauthorized access vulnerability, caused by improper access control in the admin/com/comgetfile.asp script. A remote authenticated attacker could manipulate the application to navigate beyond his folder and view the folders for all resellers and Web admin utilizing this instance of the Hosting Controller application, In addition to this flaw, the attacker could view a list of web sites by injecting a specially crafted SQL query via the 'hostcustid' parameter of the 'plandetails.asp' script.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://hostingcontroller.com/english/logs/hotfixlogv61_2_3.html
http://securitytracker.com/alerts/2005/Jul/1014496.html
http://securitytracker.com/alerts/2005/Jul/1014577.html
* Platforms Affected:
HostingController.com, Hosting Controller versions prior to 6.1 Hotfix 2.3
Microsoft Windows Any version |
| Recommendation |
Upgrade to the Hosting Controller version 6.1 and apply the latest Hotfix (2.3 or later), available from the Hosting Controller Web site at http://www.hostingcontroller.com |
| Related URL |
(CVE) |
| Related URL |
14302,14393 (SecurityFocus) |
| Related URL |
21561 (ISS) |
|
