DirectAdmin <= v1.35.1 XSS vuln.

Type securityvulns
Reporter Securityvulns
Modified 2010-03-15T00:00:00


Vuln. discovered by: r0t
Date: 15 March 2010
vendor:
affected versions: v1.35.1; other versions may also be affected.
original advisory:

DirectAdmin contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "name" parameter in "CMD_DB_VIEW" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

live PoC: ;%3C/script%3E
PS. need to login: demo_user:demo

Solution: Filter malicious characters and character sequences in a web proxy.
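As an added illustration (not part of the original advisory or of DirectAdmin's own code), the Python below shows the unsafe reflection pattern described above beside an output-escaped version, and a request check of the kind the suggested proxy filter would perform on CMD_DB_VIEW requests. The URL layout, function names and the sample request are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical page template: the "name" value is reflected into HTML.
def render_db_view_unsafe(name: str) -> str:
    # Vulnerable pattern: raw parameter concatenated into the response.
    return f"<h1>Database: {name}</h1>"

def render_db_view_safe(name: str) -> str:
    # Hardened pattern: HTML-escape before reflecting (quotes included).
    return f"<h1>Database: {html.escape(name, quote=True)}</h1>"

# Character sequences a proxy-side filter would treat as markup injection.
SUSPICIOUS = re.compile(r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.I)

def inspect_request(url: str):
    """Return (flagged, decoded_name) for a CMD_DB_VIEW request URL.

    Requests for other paths are not inspected and return (False, None).
    """
    parts = urlsplit(url)
    if not parts.path.endswith("CMD_DB_VIEW"):
        return (False, None)
    # parse_qs percent-decodes, so %3C/%3E become < and > here.
    name = parse_qs(parts.query).get("name", [""])[0]
    return (bool(SUSPICIOUS.search(name)), name)

if __name__ == "__main__":
    # Constructed sample request (assumed host); not from the advisory.
    sample = "https://da.example.test:2222/CMD_DB_VIEW?name=test%3C/script%3E"
    flagged, name = inspect_request(sample)
    print("flagged:", flagged)
    print("unsafe :", render_db_view_unsafe(name))
    print("safe   :", render_db_view_safe(name))
```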