securityvulns SECURITYVULNS:DOC:11979
Mar 28, 2006 - 12:00 a.m.

CONTROLzx HMS - Hosting Management System vuln.

###############################################
Vuln. discovered by: r0t
Date: 27 March 2006
Vendor: http://front.controlzx.com/
Affected versions: V.3.3.4 and prior
Original advisory: http://pridels.blogspot.com/2006/03/controlzx-hms-hosting-management.html
###############################################

Vuln. description:

CONTROLzx HMS contains flaws that allow remote cross-site
scripting attacks.
These flaws exist because input passed to the "dedicatedPlanID" parameter
in "dedicated_order.php", the "sharedPlanID" parameter in
"shared_order.php" and the "plan_id" parameter in
"/customers/server_management.php" isn't properly sanitised before
being returned to the user.
In addition, input passed to the email field in "/customers/forgotpass.php"
isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

Examples:

/shared_order.php?sharedPlanID=1[XSS]
/dedicated_order.php?dedicatedPlanID=1[XSS]
/customers/server_management.php?plan_id=1[XSS]

/small update/

As this software had another name, "DRZES HMS", a few months ago, I
reported multiple vulns. in DRZES HMS 3.2 (look at additional
info).
So here, just as an update, is one from version 3.2 which isn't fixed in
the latest releases:

Input passed to search field in "/customers/register_domain.php" isn't
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

##############################################
DRZES HMS 3.2 - multiple SQL inj. and XSS vuln.
http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
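
One way to apply the "properly sanitised" fix to the parameters named above, as an added example (not CONTROLzx HMS code and not part of the original advisory). The function names and sample requests are constructed for illustration, and it assumes plan IDs are positive integers.

```php
<?php
// Added example, not CONTROLzx HMS source. Function names are hypothetical.

// Plan identifiers (sharedPlanID, dedicatedPlanID, plan_id) are assumed to be
// numeric, so accept only a positive integer and reject everything else.
function plan_id_from_query(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as ?plan_id[]=1
    }
    $id = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Free-text fields (email on forgotpass.php, search on register_domain.php)
// cannot be reduced to an integer, so encode them for the HTML context at
// the point where they are written back into the page.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests standing in for $_GET.
$requests = [
    ['sharedPlanID' => '1'],
    ['sharedPlanID' => '1<b>x</b>'],  // markup appended to the number
    ['sharedPlanID' => ['1']],         // array instead of a scalar
];
foreach ($requests as $q) {
    $id = plan_id_from_query($q, 'sharedPlanID');
    if ($id === null) {
        echo "400 Bad Request: invalid sharedPlanID\n";
        continue;
    }
    echo '<input type="hidden" name="sharedPlanID" value="' . $id . "\">\n";
}

$email = 'user@example.com"><i>test</i>'; // constructed form input
echo '<p>No account found for ' . html_text($email) . "</p>\n";
```

Only the first sample request produces the hidden field; the other two are rejected before any output is built, and the email value is written with its quote and angle brackets encoded as entities.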