View Full Version : security problem
pioklo
03-17-2007, 12:27 PM
http://www.securityfocus.com/archive/1/463003/30/30/threaded
Regards,
Piotr
smoked1
03-17-2007, 02:04 PM
That does not look good. Do you know if they fixed this yet?
pioklo
03-17-2007, 02:19 PM
I have tested this sploit on 1.8 version of DA and it doesnt work
In logs:
2007:03:17-20:09:16: User pioklo tried to set domain= on /CMD_USER_STATS
2007:03:17-20:09:16: User pioklo tried to set DOMAIN= on /CMD_USER_STATS
Regards,
Piotr
floyd
03-17-2007, 07:38 PM
How is this an exploit? What can possibly be done? I just don't see the problem. The attacker must be authenticated. Are they able to affect other users? Are they able to hack the server?
jlasman
03-18-2007, 09:59 AM
This isn't really a security issue.
However, since it's now been reported three times, DA staff has decided to eliminate the feature.
Full discussion in this thread (http://www.directadmin.com/forum/showthread.php?t=13152).
Jeff
vBulletin® v3.7.0, Copyright ©2000-2009, Jelsoft Enterprises Ltd.