DirectAdmin <= v1.35.1 XSS vuln.

2010-03-15T00:00:00
ID SECURITYVULNS:DOC:23376
Type securityvulns
Reporter Securityvulns
Modified 2010-03-15T00:00:00

Description

Vuln. discovered by: r0t
Date: 15 March 2010
Vendor: http://www.directadmin.com/
Affected versions: v1.35.1; other versions may also be affected.
Original advisory: http://pridels-team.blogspot.com/2010/03/directadmin-v1351-xss-vuln.html

DirectAdmin contains a flaw that allows remote cross-site scripting attacks. Input passed to the "name" parameter in "CMD_DB_VIEW" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Live PoC: http://www.directadmin.com:2222/CMD_DB_VIEW?DOMAIN=demo.com&name=%22%3E%3Cscript%3Ealert%28111%29;%3C/script%3E
PS: login required: demo_user:demo

Solution: Filter malicious characters and character sequences in a web proxy.
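To illustrate the flaw described above (a query parameter echoed into the page without encoding) and the output-encoding fix that the application itself, rather than a proxy filter, should apply, here is an added Python example. It is not part of the advisory and not DirectAdmin's code: `render_unsafe` and `render_safe` are hypothetical stand-ins for the panel's form rendering, and the request URL reuses the PoC query quoted in the advisory. The last function is a defender-side check for spotting such requests in access logs.

```python
import html
from urllib.parse import unquote, urlsplit

# Request URL taken from the advisory's PoC (the only page-specific value used here).
POC_URL = ("http://www.directadmin.com:2222/CMD_DB_VIEW"
           "?DOMAIN=demo.com&name=%22%3E%3Cscript%3Ealert%28111%29;%3C/script%3E")


def query_params(url):
    """Decode the query string into a dict, splitting only on '&'.

    Done by hand rather than with parse_qs so that a ';' inside a value is
    preserved on every Python version (older parse_qs treated ';' as a separator).
    """
    params = {}
    for pair in urlsplit(url).query.split("&"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            params[unquote(key)] = unquote(value)
    return params


def reflected_name(url):
    """The 'name' parameter exactly as the server receives it after URL decoding."""
    return query_params(url).get("name", "")


def render_unsafe(name):
    """Hypothetical vulnerable rendering: the parameter is echoed verbatim into
    an attribute value, so a leading '">' closes the tag and injects markup."""
    return f'<input type="text" name="name" value="{name}">'


def render_safe(name):
    """Hardened rendering: HTML-escape the value (quote=True also escapes '"'),
    so it stays inside the attribute no matter what the client sent."""
    return f'<input type="text" name="name" value="{html.escape(name, quote=True)}">'


def contains_script_tag(markup):
    """True if the rendered markup carries a live <script> element."""
    return "<script" in markup.lower()


def params_with_markup(url):
    """Log-review helper: names of decoded query parameters that contain HTML
    metacharacters, which a database or domain name should never carry."""
    return [k for k, v in query_params(url).items()
            if any(ch in v for ch in '<>"\'')]


if __name__ == "__main__":
    name = reflected_name(POC_URL)
    print("unsafe :", render_unsafe(name))
    print("safe   :", render_safe(name))
    print("flagged:", params_with_markup(POC_URL))
```

The decoded payload breaks out of the attribute in `render_unsafe`, while `render_safe` turns every `"`, `<` and `>` into an entity and the browser renders it as harmless text; the same `html.escape` call belongs wherever a request value is written into an HTML context.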