[26164] in bugtraq
Hosting Controller Vulnerability
daemon@ATHENA.MIT.EDU (Ben M)
Sat Jul 13 14:22:10 2002
Date: 13 Jul 2002 15:14:12 -0000
Message-ID: <20020713151412.10889.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Ben M <webmaster@theratnerschool.org>
To: bugtraq@securityfocus.com
In Hosting Controller 2002, it is possible to change the password of any
user, including Administrator.
To exploit this, one would have to:
1. Add a user (/accounts/getuserdesc.asp).
2. Edit the user, changing the password (/accounts/updateuserdesc.asp).
3. Then, using something like the @stake web proxy, change the hidden field
   "username" to whatever they wanted (i.e., administrator), and submit the form.
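The root cause is that the update page trusts a client-controlled hidden field to name the account being modified, instead of binding the target to the authenticated session and checking whether that session is allowed to touch it. The following is an added example, not Hosting Controller's own code or anything from the advisory, written in Python rather than ASP: a minimal model of the password-change handler in its flawed form beside a hardened form that derives authority from the session, requires the current password for self-service changes, and records rejected requests for detection. UserStore, User, AuthzError, update_password_vulnerable and update_password_hardened are hypothetical names chosen for this illustration, and the users and form values are constructed.

```python
# Added example (not Hosting Controller's own code): a minimal model of the
# password-change flow the advisory describes, written in Python rather than
# ASP. UserStore, User, update_password_vulnerable, update_password_hardened
# and AuthzError are hypothetical names chosen for this illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class User:
    username: str
    role: str            # "admin" or "user"
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the point of the example is authorization, not hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserStore:
    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.audit: list[str] = []   # constructed audit trail of rejected requests

    def add(self, username: str, password: str, role: str = "user") -> None:
        salt = secrets.token_bytes(16)
        key = username.lower()
        self.users[key] = User(key, role, salt, hash_password(password, salt))

    def verify(self, username: str, password: str) -> bool:
        u = self.users.get(username.lower())
        if u is None:
            return False
        return hmac.compare_digest(u.pw_hash, hash_password(password, u.salt))

    def set_password(self, username: str, password: str) -> None:
        u = self.users[username.lower()]
        u.salt = secrets.token_bytes(16)
        u.pw_hash = hash_password(password, u.salt)


class AuthzError(Exception):
    pass


def update_password_vulnerable(store: UserStore, session_user: str, form: dict) -> str:
    """Mirrors the flaw in the advisory: the account to update is taken from the
    client-supplied hidden 'username' field, so the logged-in user is never
    compared against the target. Returns the account whose password changed."""
    target = form["username"].lower()
    store.set_password(target, form["password"])
    return target


def update_password_hardened(store: UserStore, session_user: str, form: dict) -> str:
    """Binds the target to the authenticated session: non-admins may change only
    their own password and must prove the current one; a mismatch between the
    session user and the hidden field is rejected and written to the audit trail."""
    actor = store.users[session_user.lower()]
    requested = form.get("username", session_user).lower()

    if requested != actor.username and actor.role != "admin":
        store.audit.append(f"REJECT {actor.username} tried to update {requested}")
        raise AuthzError("not permitted to update another account")

    if requested == actor.username and not store.verify(
        actor.username, form.get("current_password", "")
    ):
        store.audit.append(f"REJECT {actor.username} failed current-password check")
        raise AuthzError("current password required")

    if requested not in store.users:
        raise AuthzError("unknown account")

    store.set_password(requested, form["password"])
    return requested


if __name__ == "__main__":
    store = UserStore()
    store.add("administrator", "AdminPass1", role="admin")
    store.add("ben", "UserPass1")
    # Constructed request: ben's own form with the hidden field rewritten to "administrator".
    tampered = {"username": "administrator", "password": "Owned1"}
    print("vulnerable handler changed:", update_password_vulnerable(store, "ben", tampered))
    try:
        update_password_hardened(store, "ben", tampered)
    except AuthzError as err:
        print("hardened handler rejected:", err, store.audit)
```

The hardened handler never uses the hidden field as a source of authority; for a non-admin the only acceptable value is the session's own username, and anything else is both refused and logged, which gives operators a concrete event to alert on.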
The vendor was notified and has released a patch
(http://hostingcontroller.com/English/downloads/inc_updateuser.zip), which
was released within 48 hours of notification (good job!).