Morning Wood
2005-05-09 12:55:03 UTC
------------------------------------------------------------
- EXPL-A-2005-007 exploitlabs.com Advisory 036 -
------------------------------------------------------------
- H-Sphere -
AFFECTED PRODUCTS
=================
H-Sphere Winbox
Positive Software Corporation
https://www.psoft.net
OVERVIEW
========
H-Sphere is a scalable multiserver web hosting solution.
It has many advanced features and a sophisticated billing
system to automate and improve your web hosting tasks.
H-Sphere was designed to work on many servers and can be
scaled by adding more web, mail, database, and DNS servers
without any downtime. It provides a simple, easy-to-use web
interface that can be maintained from any computer with
internet connection. H-Sphere was written in Java and works
with any SQL-compliant database.
DETAILS
=======
1. local user/pass information disclosure
Item 1
---------
While performing administration duties for domain management,
HSPHERE writes log information containing domain information
and user/password combinations.
C:\HSphere.NET\log
action.log <--- stores user/pass
resources.log <--- stores user/pass
example:
[0/00/2005 0:00:00 AM] Thread: 0000; Requested method "account.update" with
parameters resourcename=account, username=theuser, password=thepassword
on windows machines running HSPHERE, the default install
does not restrict permissions to this folder, allowing
less priveleged users to read account information.
SOLUTION:
=========
Psoft has been contacted and a patch released
it is available at:
http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs
Donnie Werner
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
- EXPL-A-2005-007 exploitlabs.com Advisory 036 -
------------------------------------------------------------
- H-Sphere -
AFFECTED PRODUCTS
=================
H-Sphere Winbox
Positive Software Corporation
https://www.psoft.net
OVERVIEW
========
H-Sphere is a scalable multiserver web hosting solution.
It has many advanced features and a sophisticated billing
system to automate and improve your web hosting tasks.
H-Sphere was designed to work on many servers and can be
scaled by adding more web, mail, database, and DNS servers
without any downtime. It provides a simple, easy-to-use web
interface that can be maintained from any computer with
internet connection. H-Sphere was written in Java and works
with any SQL-compliant database.
DETAILS
=======
1. local user/pass information disclosure
Item 1
---------
While performing administration duties for domain management,
HSPHERE writes log information containing domain information
and user/password combinations.
C:\HSphere.NET\log
action.log <--- stores user/pass
resources.log <--- stores user/pass
example:
[0/00/2005 0:00:00 AM] Thread: 0000; Requested method "account.update" with
parameters resourcename=account, username=theuser, password=thepassword
on windows machines running HSPHERE, the default install
does not restrict permissions to this folder, allowing
less priveleged users to read account information.
SOLUTION:
=========
Psoft has been contacted and a patch released
it is available at:
http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
Credits
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs
Donnie Werner
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
--
web: http://exploitlabs.com
web: http://zone-h.org
http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
web: http://exploitlabs.com
web: http://zone-h.org
http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/