DESCRIPTION

Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wide range of hosting tasks and provides control of each hosted site to the respective owners. Hosting Controller is now widely used by hosting providers and can be found at http://www.hostingcontroller.com

SUMMARY

PRODUCT Hosting Controller
VENDOR Hosting Controller
AFFECTED VERSIONS Hosting Controller <1.4.1
SEVERITY
IDENTIFIER N/A
TESTED PLATFORM Windows 2000 Professional

Multiple vulnerabilities in Hosting Controller have been discovered yet again, allowing an attacker to create or remove arbitrary files or folders on the system.

IMPACT

Unauthorized file editing.

Unauthorized folder management.

DETAILS

[Vulnerability #1] Unauthorized file editing

The script file_editor.asp allows clients to edit their web pages online, without having to download and re-upload them. The script, however, does not validate user input; an attacker can therefore use /../ sequences to break out of his root path and edit any file on the vulnerable Hosting Controller server.

[Vulnerability #2] Unauthorized folder management

folderactions.asp is also vulnerable to the aforementioned dot-dot-slash (/../) issue, letting the attacker create or delete files or directories of his choice on the server. This is particularly dangerous because Hosting Controller has no permission or user-rights checking in place, so the attacker is free to delete anything he wants. Note that the current patches from Hosting Controller do NOT fix this issue.
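Both scripts fail in the same way: a client-supplied relative path is joined onto the user's web root without checking where the result ends up. The following is an added example (not code from the advisory or from Hosting Controller) of the containment check that both file_editor.asp and folderactions.asp are missing. It is written in Python so it can be run anywhere; the per-user root directory DEMO_ROOT and the sample paths are constructed for the demo, since the advisory does not describe the product's directory layout or parameter names.

```python
import os
import tempfile
import urllib.parse

# Constructed per-user web root for the demo; the real product's layout is not
# described in the advisory, so this path is an assumption.
DEMO_ROOT = os.path.join(tempfile.gettempdir(), "hc_demo", "user1")


def resolve_within_root(user_root: str, requested: str) -> str:
    """Map a client-supplied relative path onto the user's web root.

    Returns the absolute, normalised path if it lies inside user_root and
    raises ValueError otherwise. The decision is made on the *resolved* path,
    not by searching the string for "..", so percent-encoded or mixed-separator
    variants are judged the same way the file system would treat them.
    """
    root = os.path.realpath(user_root)

    # Decode percent-encoding once so %2e%2e%2f is seen as ../ (the web server
    # normally does this before the script sees the value, but be explicit).
    decoded = urllib.parse.unquote(requested)

    # Embedded NUL bytes can truncate the path inside native file APIs.
    if "\x00" in decoded or not decoded.strip():
        raise ValueError("empty or malformed path")

    # Treat backslash and forward slash alike, as Windows does.
    decoded = decoded.replace("\\", "/")

    # Reject anything absolute: a leading slash, a drive letter or a UNC path.
    # Refusing colons also rules out NTFS alternate data stream syntax.
    if decoded.startswith("/") or ":" in decoded:
        raise ValueError("absolute paths are not allowed")

    candidate = os.path.realpath(os.path.join(root, decoded))

    # The containment check: the resolved path must still sit under root.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes the user's root")
    return candidate


def is_safe_path(user_root: str, requested: str) -> bool:
    """Boolean wrapper around resolve_within_root for quick checks."""
    try:
        resolve_within_root(user_root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate paths and four escape attempts.
    for p in ("pages/index.html", "pages/../index.html",
              "../../user2/index.html", "..%2F..%2Fuser2%2Findex.html",
              "..\\..\\user2\\index.html", "C:/user2/index.html"):
        verdict = "allowed" if is_safe_path(DEMO_ROOT, p) else "rejected"
        print(f"{p!r:40} -> {verdict}")
```

The important design choice is that the check runs on the path after os.path.realpath has collapsed every `..`, rather than on the raw string. A string filter that strips `../` can be bypassed with encodings or with sequences such as `....//`, whereas a resolved path either starts with the user's root or it does not. Note that `pages/../index.html` is accepted, because it still resolves inside the root.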

If the two bugs are combined, the attacker can take total control of the server. I won't expand too much on this.
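Since the vendor patch available at the time does not cover folderactions.asp, a hosting provider's practical option is to watch the web server logs for traversal attempts against these two scripts. The following is an added example, not part of the advisory and not vendor code, of that detection logic run over a handful of constructed IIS W3C-format log lines. The /hc/ virtual directory and the query parameter names (page, folder, action) are placeholders, since the advisory does not document the scripts' parameters; the check therefore looks for `../` or `..\` anywhere in the URI stem or query string rather than in a particular parameter.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample in IIS W3C extended log format. These are not real log
# lines; the /hc/ path and the parameter names are placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-01 10:01:02 10.0.0.5 GET /hc/file_editor.asp page=index.html 200
2002-03-01 10:01:09 10.0.0.5 GET /hc/file_editor.asp page=../../user2/index.html 200
2002-03-01 10:02:15 10.0.0.7 POST /hc/folderactions.asp action=delete&folder=..%2F..%2Fuser2 200
2002-03-01 10:03:00 10.0.0.9 GET /hc/folderactions.asp action=create&folder=images 200
2002-03-01 10:04:11 10.0.0.5 GET /hc/file_editor.asp page=%252e%252e%255cuser2%255cdefault.asp 200
2002-03-01 10:05:30 10.0.0.9 GET /hc/default.asp - 200
"""

# The two scripts named in the advisory.
WATCHED_SCRIPTS = {"file_editor.asp", "folderactions.asp"}

# Matches ../ and ..\ after decoding.
TRAVERSAL = re.compile(r"\.\.[\\/]")


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields: List[str] = []
    entries: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip rather than guess at columns
        entries.append(dict(zip(fields, parts)))
    return entries


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded ../ is exposed."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return requests to a watched script whose stem or query contains ../ or ..\\."""
    hits = []
    for e in entries:
        stem = e.get("cs-uri-stem", "")
        script = stem.rsplit("/", 1)[-1].lower()
        if script not in WATCHED_SCRIPTS:
            continue
        query = e.get("cs-uri-query", "")
        if query == "-":  # IIS writes "-" for an empty query string
            query = ""
        # IIS normalises the stem itself, but the query reaches the script
        # untouched, so the query is where the traversal normally appears.
        decoded = fully_decode(stem + "?" + query)
        if TRAVERSAL.search(decoded):
            hits.append({
                "when": f"{e.get('date', '')} {e.get('time', '')}",
                "src": e.get("c-ip", ""),
                "script": script,
                "request": decoded,
            })
    return hits


def count_by_source(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Tally flagged requests per client address for triage."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_traversal(parse_w3c(SAMPLE_LOG))
    for h in flagged:
        print(f"{h['when']} {h['src']:10} {h['script']:18} {h['request']}")
    print(count_by_source(flagged))
```

Three of the six constructed lines are flagged: the plain `../../`, the single-encoded `%2F..%2F` and the double-encoded `%252e%252e%255c` variant, which only becomes visible after the bounded second decoding pass. Legitimate edits and folder creations inside the user's own root produce no alert.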

PROOF OF CONCEPT

N/A

VENDOR STATUS

Vendor has verified and released a patch that addresses the issues. You can download the patch/fixed version from the official website http://www.hostingcontroller.com.

CREDIT

Phuong Nguyen

DISCLOSURE TIMELINE

N/A

APPENDIX

N/A

REFERENCES

N/A