Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in Hosting Controller < 6.1 hotfix 2.2

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP application with multiple flaws.

Description :

According to its version number, the version of Hosting Controller on
the remote host is subject to multiple flaws :

- Denial of Service Vulnerabilities
By accessing the 'editplanopt3.asp', 'planmanager.asp',
and 'plansettings.asp' scripts directly or with specific
parameters, a possible hacker can cause the 'inetinfo.exe'
process to consume a large amount of CPU resources.

- Multiple SQL Injection Vulnerabilities
An authenticated attacker can affect SQL queries by
manipulating input to the 'searchtext' parameter of the
'IISManagerDB.asp' and 'AccountManager.asp' scripts and
the 'ListReason' parameter of the 'listreason.asp'

- Access Rights Vulnerabilities
Several scripts fail to restrict access to privileged
users, which allows non-privileged users to add accounts
with elevated rights and make changes to various
plan settings. Another failure allows users to gain
elevated rights by first accessing the
'dsp_newreseller.asp' script before returning to the
application's homepage.

See also :

Solution :

Upgrade to version 6.1 if necessary and apply Hotfix 2.2.

Threat Level:

Low / CVSS Base Score : 3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.