Hosting Controller "BrowsePath" Parameter Handling Directory Traversal Vulnerability


Description   A vulnerability has been identified in Hosting Controller that could be exploited by malicious users to gain unauthorized access to arbitrary files on a vulnerable system. The issue is caused by an input validation error in the "FolderManager/FolderManager.aspx" script, which does not validate the "BrowsePath" parameter. Authenticated attackers could exploit it to access and modify the contents of arbitrary files via directory traversal.
     
Vulnerable Products   Vulnerable Software:
Hosting Controller version 7.00.0003 and prior
     
Solution  
     
CVE   CVE-2006-6814
     
References   http://www.kapda.ir/advisory-458.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                          Available Since
Misc : Directory traversal - parameter starting with ../  3.2.0
Directory traversal using ..\..                           3.2.0
Directory traversal                                       3.2.0
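
Added example (not part of the original advisory, and not the ASQ engine's own logic): a Python check that a log or proxy filter could apply to requests for "FolderManager/FolderManager.aspx", flagging a "BrowsePath" value that contains a ".." path segment with either separator, including percent-encoded and double-encoded forms. The function names are hypothetical and the sample request lines are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "/foldermanager/foldermanager.aspx"  # script named in the advisory
PARAM = "browsepath"                          # parameter named in the advisory

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '%252e%252e' is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment, split on '/' or '\\', is exactly '..'."""
    segments = fully_decode(value).replace("\\", "/").split("/")
    return ".." in segments

def flag_request(url):
    """Return the decoded offending BrowsePath value, or None if none is found."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(SCRIPT):
        return None
    # parse_qsl already decodes once; fully_decode handles further layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM and has_traversal(value):
            return fully_decode(value)
    return None

# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    "/FolderManager/FolderManager.aspx?BrowsePath=C:\\webspace\\site1\\docs",
    "/FolderManager/FolderManager.aspx?BrowsePath=..\\..\\other",
    "/foldermanager/foldermanager.aspx?browsepath=docs%2F..%2F..%2Fother",
    "/FolderManager/FolderManager.aspx?BrowsePath=docs%252f%252e%252e%252fother",
    "/FolderManager/FolderManager.aspx?BrowsePath=release..notes",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("ALERT" if flag_request(sample) else "ok   ", sample)
```

Matching whole path segments rather than the substring ".." keeps names such as "release..notes" from raising an alert.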
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2007-01-03

Target Type   Server

Possible exploit   Local & Remote