Detections
Analytics

Hosting Controller < 6.1 Hotfix 2.2 Multiple Vulnerabilities

medium Nessus Plugin ID 19194

Synopsis

The remote web server contains an ASP application with multiple flaws.

Description

According to its version number, the installation of Hosting Controller on the remote host is subject to multiple flaws :

 - Denial of Service Vulnerabilities By accessing the 'editplanopt3.asp', 'planmanager.asp', and 'plansettings.asp' scripts directly or with specific parameters, an attacker can cause the 'inetinfo.exe' process to consume a large amount of CPU resources.

 - Multiple SQL Injection Vulnerabilities An authenticated attacker can affect SQL queries by manipulating input to the 'searchtext' parameter of the 'IISManagerDB.asp' and 'AccountManager.asp' scripts and the 'ListReason' parameter of the 'listreason.asp' script.

 - Access Rights Vulnerabilities Several scripts fail to restrict access to privileged users, which allows non-privileged users to add accounts with elevated privileges and make changes to various plan settings. Another failure allows users to gain elevated privileges by first accessing the 'dsp_newreseller.asp' script before returning to the application's homepage.

Solution

Upgrade to version 6.1 if necessary and apply Hotfix 2.2.

See Also

https://hostingcontroller.com/english/logs/hotfixlogv61_2_2.html

Plugin Details

Severity: Medium

ID: 19194

File Name: hosting_controller_mult_sql_injections.nasl

Version: 1.18

Type: local

Family: CGI abuses

Published: 7/14/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/11/2005

Reference Information

CVE: CVE-2005-2219

BID: 14258, 14283