|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
i've found 2 vulnerabilities in Hosting Controller that allows remote
authenticated users to change every user password or upload files in every
directory. Here are the PoC:
This allows to modify passwords:
PS: You should have authenticated access.
- -------------------------
Vulnerable versions:
- - HC 2002 RC 1
Other versions may be vulnerable
And this allows to upload:
- -------------------------
Vulnerable versions:
- - HC 2002 RC 1
Other versions may be vulnerable
This vulns are tested with HC 2002 RC 1, but other versions may be
vulnerable.
Sorry for my english, but i'm Italian.
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
iQA/AwUBRC/pBBMZt0KZeGPOEQK5lwCg13JhLH6ghgWoO8zUSG5EUZpmwtwAmwdh
KUkiwb7H3FkEdfZcORRpl4LH
=qlwF
-----END PGP SIGNATURE-----