Hosting Controller Hidden Field Password Changing Vulnerability
The following exploit was provided by Ben M <firstname.lastname@example.org>.
To exploit this, one would have to:
Add a user (/accounts/getuserdesc.asp)
Edit the user, changing the password (/accounts/updateuserdesc.asp)
Then using something like the @stake web proxy, change the hidden field
username to whatever they wanted (ie, administrator), and submit the form.