Hi, I'm Soroush Dalili from GSG (GrayHatz Security Group).

Title: The Hosting Controller program has a security bug in "AccountActions.asp" that lets an authenticated user change his/her credit and buy some services!
Version: 6.1 HotFix 2.1 and older
Developer url: hostingcontroller.com
Comment: Hosting Controller is an application to manage a host.

Proof-of-concept exploit code:
--------------------------------
GET CREDIT
Soroush Dalili from GSG
Username:
Description:
FullName:
AccountDisabled 1,[blank]:
UserChangePassword:
PassCheck=TRUE,0:
New Password:
DefaultDiscount%:
CreditLimit:



# milw0rm.com [2005-07-10]
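
The class of fix for this bug is a server-side, per-field authorization check in the account-update handler. The sketch below is an added example, not code from the advisory or from Hosting Controller: the field names are taken from the form labels above, while the role names, the `Forbidden` exception and the `apply_account_update` function are hypothetical.

```python
# Added example: field-level authorization for an account-update handler.
# Field names mirror the form labels in the advisory; the roles and the
# handler itself are hypothetical, not Hosting Controller code.

# Fields an authenticated user may change on their own account.
SELF_SERVICE_FIELDS = {"Description", "FullName", "NewPassword"}
# Billing and account-state fields reserved for an administrator.
ADMIN_ONLY_FIELDS = {"AccountDisabled", "UserChangePassword",
                     "DefaultDiscount", "CreditLimit"}


class Forbidden(Exception):
    """Raised when a request tries to set a field it is not entitled to."""


def apply_account_update(session_user, session_role, account, submitted):
    """Return an updated copy of `account`, or raise Forbidden.

    The decision uses only server-side session state (session_user,
    session_role); nothing in `submitted` is trusted to say who is calling.
    """
    if session_role == "admin":
        allowed = SELF_SERVICE_FIELDS | ADMIN_ONLY_FIELDS
    elif session_user == account["Username"]:
        allowed = SELF_SERVICE_FIELDS
    else:
        allowed = set()

    # "Username" only identifies the target account; it is never a change.
    changes = {k: v for k, v in submitted.items() if k != "Username"}
    denied = sorted(set(changes) - allowed)
    if denied:
        # Fail closed and name the fields so the attempt can be logged.
        raise Forbidden(f"{session_user} may not set: {', '.join(denied)}")

    if "CreditLimit" in changes:
        value = float(changes["CreditLimit"])  # ValueError on non-numeric input
        if not 0 <= value < float("inf"):      # also rejects NaN
            raise ValueError("CreditLimit must be finite and non-negative")
        changes["CreditLimit"] = value

    updated = dict(account)
    updated.update(changes)
    return updated
```

Rejecting the whole request, rather than silently dropping the privileged fields, leaves a clear audit trail of attempts to set `CreditLimit` from a non-admin session.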