Hosting Controller隐藏字段密码改变漏洞

漏洞信息详情

Hosting Controller隐藏字段密码改变漏洞

• CNNVD编号：CNNVD-200208-209
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0776
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-08-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  hosting_controller
• 漏洞来源：
  Vulnerability disc…

Hosting Controller 2002版本的getuserdesc.asp存在漏洞。远程攻击者通过修改username参数改变任意用户的密码和提升特权，正如\”UpdateUser\”快速修复中处理的。

The vendor has made a fix available. It has been reported that this fix may also be applied to Hosting Controller 1.4 (which is also affected by this vulnerability).
Hosting Controller Hosting Controller 2002

• Hosting Controller inc_updateuser.zip
  
  http://hostingcontroller.com/English/downloads/inc_updateuser.zip

Hosting Controller Hosting Controller 1.4

• Hosting Controller inc_updateuser.zip
  
  http://hostingcontroller.com/English/downloads/inc_updateuser.zip

来源: BUGTRAQ
名称: 20020713 Hosting Controller Vulnerability
链接:http://online.securityfocus.com/archive/1/282129

来源: hostingcontroller.com
链接:http://hostingcontroller.com/english/logs/sp2log.html

来源: BID
名称: 5229
链接:http://www.securityfocus.com/bid/5229

来源: XF
名称: hosting-controller-password-modification(9554)
链接:http://www.iss.net/security_center/static/9554.php