Hosting Controller Multiple Unauthenticated Information Disclosure
From: small mouse (small.mousegmail.com)
Date: Mon Mar 07 2005 - 16:13:59 CST
-= Security Advisory =-
Software Package : Hosting Controller
Vendor Homepage : http://www.hostingcontroller.com
Platforms : Windows based servers
Vulnerability : Multiple Unauthenticated Information Disclosure
Risk : Low
Vulnerable Versions: All versions (tested on: v.6.1 Hotfix 1.7)
Vendor Contacted : 3/6/2005
Release Date : 3/8/2005
Hosting Controller is a complete array of Web hosting automation tools for
the Windows Server family platform.
The product has a feature that logs site updates and checks them periodically. This log is saved in CSV format, and its storage path is in the web root of the server. Among the information saved in this CSV file, the bandwidth report and the disk usage report are written in the "comment" field. Because this is a general (not domain-specific) log, the reports of EVERY domain on the server are logged here, so by reviewing this file you can enumerate all domain names that are hosted on this server.
There is a password recovery feature on the Admin login page of Hosting Controller which sends your password back to the registered e-mail address saved in the system. If you know the site's domain name, remove the .com/.net/.* part and submit it as the requested "login ID", Hosting Controller will disclose the hosting owner's e-mail address, which is usually not the one mentioned on the site itself ;)
Mix this bug with (1) and have fun :)
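As an added example (not part of the advisory or the vendor's code), the audit below reads IIS W3C extended log lines for the two exposures described above: a CSV file under the web root actually being served, and one client submitting many different login IDs to the password-recovery page. The log lines are constructed; the recovery page path, its query parameter and the CSV file name are placeholders, since the advisory does not name them.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Placeholders: the advisory names neither the recovery page nor the log file.
RECOVERY_PATH = "/admin/forgotpassword.asp"
LOGIN_PARAM = "loginid"
ENUM_THRESHOLD = 3  # distinct login IDs from one client before it is flagged

# Constructed IIS 6.0 W3C extended log excerpt; field order comes from the #Fields line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-03-07 10:00:01 198.51.100.7 GET /updates.csv - 200
2005-03-07 10:00:02 198.51.100.7 GET /admin/forgotpassword.asp loginid=example 200
2005-03-07 10:00:03 198.51.100.7 GET /admin/forgotpassword.asp loginid=shop 200
2005-03-07 10:00:04 198.51.100.7 GET /admin/forgotpassword.asp loginid=blog 200
2005-03-07 10:01:00 203.0.113.9 GET /index.asp - 200
2005-03-07 10:01:05 203.0.113.9 GET /admin/forgotpassword.asp loginid=blog 200
2005-03-07 10:02:00 203.0.113.9 GET /missing.csv - 404
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def audit(text):
    """Return (csv_hits, enumerators): CSV files under the web root served with 200
    (the general log readable without authentication), and clients that submitted
    ENUM_THRESHOLD or more distinct login IDs to the recovery page."""
    csv_hits = []
    ids_by_client = defaultdict(set)
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        if stem.endswith(".csv") and rec["sc-status"] == "200":
            csv_hits.append((rec["c-ip"], stem))
        if stem == RECOVERY_PATH:
            # cs-uri-query is "-" when empty; parse_qs then yields no pairs
            for login in parse_qs(rec["cs-uri-query"]).get(LOGIN_PARAM, []):
                ids_by_client[rec["c-ip"]].add(login)
    enumerators = {ip: sorted(ids) for ip, ids in ids_by_client.items()
                   if len(ids) >= ENUM_THRESHOLD}
    return csv_hits, enumerators
```

Run `audit(SAMPLE_LOG)` to see the served log file and the client sweeping login IDs; a 404 on a CSV and a single recovery request are not reported.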
When do these come in useful?
My own scenario:
I had to penetrate into a site. Well, the server had no special remote flaw and the web site itself hadn't any bug to use. I used this trick to find a vulnerable web site on the same server and used its flaws to gain access to my final target ...
The vendor was notified and has released a patch.
Update your software.
Discovered on 10 Apr 2004 by (\/) Mouse and Hamid Kashfi