Hosting Controller Hidden Field Password Changing Vulnerability

The following exploit was provided by Ben M <webmaster@theratnerschool.org>.

To exploit this, one would have to:

Add a user (/accounts/getuserdesc.asp)
Edit the user, changing the password (/accounts/updateuserdesc.asp)
Then, using something like the @stake web proxy, change the hidden field
"username" to whatever they want (i.e., administrator), and submit the form.
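The root cause is that the password-change handler trusts a hidden form field to say which account is being edited, instead of deriving that from the server-side session. The following is an added example written for this page, not Hosting Controller's code: a constructed in-memory user table, a handler that reproduces the flaw (the target account comes from the client-supplied "username" field), and a hardened handler that takes identity from the session and enforces an authorisation check before honouring the field. All function and field names are hypothetical.

```python
import hashlib
import hmac
import os


class AuthorizationError(Exception):
    """Raised when a session tries to modify an account it may not manage."""


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def add_user(users: dict, username: str, password: str, role: str = "customer") -> None:
    # Constructed user record: a role plus a salted PBKDF2 hash (no plaintext kept).
    salt = os.urandom(16)
    users[username] = {"role": role, "salt": salt, "hash": _hash_password(password, salt)}


def check_password(users: dict, username: str, password: str) -> bool:
    rec = users.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))


def _set_password(users: dict, username: str, new_password: str) -> None:
    salt = os.urandom(16)
    users[username]["salt"] = salt
    users[username]["hash"] = _hash_password(new_password, salt)


def update_password_vulnerable(users: dict, session_user: str, form: dict) -> str:
    """Mirrors the flaw described above: the account to modify is read from the
    client-supplied hidden 'username' field, so any logged-in user who rewrites
    that field with a proxy can set the password of any account."""
    target = form["username"]  # attacker-controlled, never cross-checked
    _set_password(users, target, form["new_password"])
    return target


def update_password_fixed(users: dict, session_user: str, form: dict) -> str:
    """Hardened handler: the acting identity comes from the server-side session,
    and the hidden field is honoured only when that session is authorised to
    manage the named account (here: self-service, or an administrator)."""
    if session_user not in users:
        raise AuthorizationError("no authenticated session")
    target = form.get("username", session_user)
    if target not in users:
        raise KeyError(f"unknown account {target!r}")
    if target != session_user and users[session_user]["role"] != "administrator":
        # A non-admin submitting someone else's username is a tampering signal:
        # reject and log it rather than silently falling back to the session user.
        raise AuthorizationError(
            f"{session_user} is not permitted to change the password of {target}")
    _set_password(users, target, form["new_password"])
    return target


def _fresh_users() -> dict:
    users: dict = {}
    add_user(users, "administrator", "admin-secret", role="administrator")
    add_user(users, "customer1", "customer-secret")
    return users


def demo() -> dict:
    """Replay the tampered request against both handlers and report the outcome."""
    # Constructed request: customer1 is logged in but rewrote the hidden field.
    tampered = {"username": "administrator", "new_password": "attacker-chosen"}

    users = _fresh_users()
    update_password_vulnerable(users, "customer1", dict(tampered))
    vulnerable_admin_taken_over = check_password(users, "administrator", "attacker-chosen")

    users = _fresh_users()
    try:
        update_password_fixed(users, "customer1", dict(tampered))
        fixed_rejected = False
    except AuthorizationError:
        fixed_rejected = True
    fixed_admin_intact = check_password(users, "administrator", "admin-secret")

    # A legitimate self-service change still works under the fixed handler.
    update_password_fixed(users, "customer1", {"username": "customer1", "new_password": "new-pw"})
    self_change_ok = check_password(users, "customer1", "new-pw")

    return {
        "vulnerable_admin_taken_over": vulnerable_admin_taken_over,
        "fixed_rejected": fixed_rejected,
        "fixed_admin_intact": fixed_admin_intact,
        "self_change_ok": self_change_ok,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that a hidden field is just another client-supplied input: it can carry a hint about which account the form concerns, but the decision of whether the session may act on that account has to be made server-side against the session's own identity and role. Rejecting a mismatch (and logging it) is preferable to quietly substituting the session user, because the mismatch itself is evidence of parameter tampering.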

Copyright 2010, SecurityFocus