[31127] in bugtraq
ZH2003-23SA (security advisory): HostAdmin Path Disclosure
daemon@ATHENA.MIT.EDU (G00db0y)
Tue Aug 12 14:42:57 2003
Date: 12 Aug 2003 17:12:41 -0000
Message-ID: <20030812171241.4935.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: G00db0y <G00db0y@zone-h.org>
To: bugtraq@securityfocus.com
ZH2003-23SA (security advisory): HostAdmin Path Disclosure
Published: 12 august 2003
Released: 12 august 2003
Name: HostAdmin
Affected Systems: current version
Issue: Remote attackers can know the path of the site
Author: G00db0y@zone-h.org
Vendor: http://dreamcost.com/?page=hostadmin
Description
***********
Zone-h Security Team has discovered a flaw in HostAdmin (and older
versions?). "HostAdmin is based on PHP, MySQL, and uses HTML templates
and CSS (Cascading Style Sheets) which can be modified for site-wide
changes by any novice".
Details
*******
It's possible to make a malformed http request in HostAdmin and in doing
so
trigger an error. The resulting error message will disclose potentially
sensitive
installation path information to the remote attacker.
Example:
http://www.site.com/pathofhostadmin/?page='
Solution:
*********
The vendor has been contacted and a patch is not yet produced.
Suggestions:
************
Filter the ' character.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2878/
