BugReport.ir - Hosting Controller 6.1 - Users can change other's host headers.

Title: Users can change other's host headers.
Vendor: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Vendor URL: www.hostingcontroller.com
Solution: N/A
Release Date: 2007 - December
Credit: BugReport.IR

####################
- Discussion:
####################

15- [User] can change other's host headers.
 15.1- This is because of "/IIS/iibind.asp" which accept the parameter without any checking. Also, this file has potential for dangerous SQL Injection.

[User] = (Unauthorized user without any permission or access.)

####################
- Solution:
####################

Unfortunately, there is no support from hosting controller about these bugs. Also, they told us that there is no more support for HC 6.1.
Fast Solution:
Delete or rename these files which are in "Hosting Controller\web\admin\": 

- "/IIS/iibind.asp"

Also, you can contact "admin[4t}bugreport{d0t]ir" to fix all these bugs for you without changing or deleting any file if you want.

####################
- Credit :
####################

AmnPardaz Security Research Team - www.Bugreport.ir
Contact: admin[4t}bugreport{d0t]ir