RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
BID:52848
Info
RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
| Bugtraq ID: | 52848 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-5305 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2012 12:00AM |
| Updated: | Oct 10 2012 06:10PM |
| Credit: | Dawid Golak |
| Vulnerable: |
JBMC Software DirectAdmin 1.403 |
| Not Vulnerable: | |
Discussion
RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
DirectAdmin 1.403 is vulnerable; other versions may also be affected.
Note: This BID is being retired as a duplicate of BID 52845 (JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability).
DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
DirectAdmin 1.403 is vulnerable; other versions may also be affected.
Note: This BID is being retired as a duplicate of BID 52845 (JBMC Software DirectAdmin 'domain' Parameter Cross Site Scripting Vulnerability).
Exploit / POC
RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following example URI is available:
https://www.example.com/CMD_DOMAIN?action=create&domain=<div style="border:1px solid red;width:300px;height:300px"
onmouseover="alert(dawid)"></div>aaa.pl&ubandwidth=unlimited&uquota=unlimited&cgi=ON&php=ON
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following example URI is available:
https://www.example.com/CMD_DOMAIN?action=create&domain=<div style="border:1px solid red;width:300px;height:300px"
onmouseover="alert(dawid)"></div>aaa.pl&ubandwidth=unlimited&uquota=unlimited&cgi=ON&php=ON
Solution / Fix
RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
References:
References:
- DirectAdmin Homepage (JBMC Software)
- DirectAdmin v1.403 - Cross Site Scripting Vulnerability (Dawid Golak)