Title: Users can import unwanted plan or change the plans.
Vendor: Hosting Controller
Version: 6.1 Hot fix <= 3.3
Vendor URL: www.hostingcontroller.com
Solution: N/A
Release Date: 2007 - December
Credit: BugReport.IR

####################
- Discussion:
####################

12- [User] can import unwanted plan or change the plans.
 12.1- To import a plan use "http://[HC URL]/hosting/importhostingplans.asp" directly.
    12.2- To change a plan use something like "http://[HC URL]/hosting/AutoSignUpPlans.asp?save=1&30=ON&d_30=1" directly.

[User] = (A user with a simple account.)

####################
- Solution:
####################

Unfortunately, there is no support from hosting controller about these bugs. Also, they told us that there is no more support for HC 6.1.
Fast Solution:
Delete or rename these files which are in "Hosting Controller\web\admin\": 

- "/hosting/importhostingplans.asp"
- "/hosting/AutoSignUpPlans.asp"

Also, you can contact "admin[4t}bugreport{d0t]ir" to fix all these bugs for you without changing or deleting any file if you want.

####################
- Credit :
####################

AmnPardaz Security Research Team - www.Bugreport.ir
Contact: admin[4t}bugreport{d0t]ir