Another vulnerability in hosting controller

[Bao Dai Nhan <baodainhan () fptnet com>]

1/If admin doesn't change or delete user AdvWebadmin, the 
default password of this user is advcomm500349, you can 
creat your own account or use this account to hack the 
server.
1/ A foolish vulnerability, i can view the harddisk by 
using the file browse.asp in directory admin
www.victim.com/admin/browse.asp?FilePath=c:\&Opt=2&level=0

BAODAINHAN
baodainhan () fptnet com
www.viethacker.net