Description
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Bao Dai Nhan · textwebappsasp
https://www.exploit-db.com/exploits/21464
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://www.hostingcontroller.com/english/patches/ForAll/download/drivebrowse.zip
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0168.html
Patch, Vendor Advisory x_refsource_confirm
http://hostingcontroller.com/english/logs/sp2log.html
Scores
EPSS
0.0063
EPSS Percentile
70.4%
Details
Status
published
Products (5)
hosting_controller/hosting_controller
1.1
hosting_controller/hosting_controller
1.3
hosting_controller/hosting_controller
1.4
hosting_controller/hosting_controller
1.4.1
hosting_controller/hosting_controller
1.4b
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026