Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: win5350.htm

Hosting Controller multiple vulnerabilities
21th May 2002 [SBWID-5350]

	Hosting Controller multiple vulnerabilities


	Hosting Controller 1.4.1


	KHA and BAODAINHAN [] posted :


	 Database directory traversal:


	By adding slash dot dot,the user can view the files,folders  located  on
	the sytem and can add DSN out of user root directory.





	 Any user can bypass the authority to take control of any 

	 files on the system:


	This vulnerability is on the /import/imp_rootdir.asp file that  let  any
	user can copy,delete files,folders on the system. The  user  can  easily
	take control of any files just by changing the import directory:



	Note : By default,advwebadmin is in Administrator group so  any  scripts
	run under /admin directory will  have  administrator  privilege  on  the
	system  root.The  user  can  upload  malicious  script  code  to  /admin
	directory and execute arbitrary command via browser.


	If admin  doesn\'t  change  or  delete  user  AdvWebadmin,  the  default
	password of this user is advcomm500349, you can creat your  own  account
	or use this account to hack the server.

	A foolish vulnerability, i can view  the  harddisk  by  using  the  file
	browse.asp in directory admin\\&Opt=2&level=0



	Patch available ?? check :


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH