|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 7939 Credit : r0t Date : 15.03.2010 Exploit Code : ############################################### Vuln. discovered by : r0t Date: 15 March 2010 vendor:http://www.directadmin.com/ affected versions:v1.35.1 and other versions also can be affected. ############################################### DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "name" parameter in "CMD_DB_VIEW" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. ############################################## live PoC: http://www.directadmin.com:2222/CMD_DB_VIEW?DOMAIN=demo.com&name=%22%3E%3Cs cript%3Ealert%28111%29;%3C/script%3E PS. need to login: demo_user:demo ############################################### Solution: Filter malicious characters and character sequences in a web proxy. ###############################################  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |