Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23376
HistoryMar 15, 2010 - 12:00 a.m.

DirectAdmin <= v1.35.1 XSS vuln.

2010-03-1500:00:00
vulners.com
20

DirectAdmin <= v1.35.1 XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 15 March 2010
vendor:http://www.directadmin.com/
affected versions:v1.35.1 and other
versions also can be affected.
orginal advisory:http://pridels-team.blogspot.com/2010/03/directadmin-v1351-xss-vuln.html
###############################################

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the "name" parameter in "CMD_DB_VIEW" isn't
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
##############################################
live PoC:
http://www.directadmin.com:2222/CMD_DB_VIEW?DOMAIN=demo.com&amp;name=&#37;22&#37;3E&#37;3Cscript&#37;3Ealert&#37;28111&#37;29;&#37;3C/script&#37;3E
PS.
need to login:
demo_user:demo
###############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################