Secunia Directadmin Cross-site-Scripting exploit?

Wunk

Is this fixed yet? I have a flurry of really nasty hacks in mind, abusing the directadmin_cron job with this...


--------------
http://secunia.com/advisories/24551/

TITLE:
DirectAdmin "RESULT" Cross-Site Scripting Vulnerability


SECUNIA ADVISORY ID:
SA24551


VERIFY ADVISORY:
http://secunia.com/advisories/24551/


CRITICAL:
Less critical


IMPACT:
Cross Site Scripting


WHERE:
From remote


SOFTWARE:
DirectAdmin 1.x
http://secunia.com/product/9646/


DESCRIPTION:
Mandr4ke has reported a vulnerability in DirectAdmin, which can be
exploited by malicious people to conduct cross-site scripting
attacks.


Input passed to the "RESULT" parameter in CMD_USER_STATS is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.


SOLUTION:
Filter malicious characters and character sequences in a web proxy.


PROVIDED AND/OR DISCOVERED BY:
Mandr4ke


----------------------------------------------------------------------
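An added illustration of the defect the advisory describes, written for this thread and not taken from DirectAdmin's code or the advisory: a hypothetical handler that reflects the RESULT parameter into the page unencoded, the same handler with HTML encoding applied (the server-side fix, as opposed to the advisory's proxy-filtering workaround), and a regression check a maintainer can run against either. All function names are made up.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed stand-in for a CMD_USER_STATS-style page that echoes the
# "RESULT" query parameter back to the user. Not DirectAdmin's code.


def render_vulnerable(query_string: str) -> str:
    """Reflects RESULT verbatim: the unsanitised output the advisory reports."""
    params = parse_qs(query_string, keep_blank_values=True)
    result = params.get("RESULT", [""])[0]
    return f"<html><body><p>Result: {result}</p></body></html>"


def render_fixed(query_string: str) -> str:
    """Same page, but the reflected value is HTML-encoded before output.

    quote=True also encodes ' and " so the value is safe inside attributes,
    not only inside element text.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    result = params.get("RESULT", [""])[0]
    return f"<html><body><p>Result: {html.escape(result, quote=True)}</p></body></html>"


def reflects_unencoded_markup(render, probe: str = "<\"'&>") -> bool:
    """Regression check: send a harmless marker containing every HTML
    metacharacter and report whether it comes back unencoded.

    True means the page reflects raw markup (vulnerable); False means the
    metacharacters were encoded on the way out.
    """
    marker = "xsscheck" + probe
    page = render("RESULT=" + quote(marker, safe=""))
    return marker in page


if __name__ == "__main__":
    print("vulnerable handler reflects markup:", reflects_unencoded_markup(render_vulnerable))
    print("fixed handler reflects markup:     ", reflects_unencoded_markup(render_fixed))
```

The check uses a marker string rather than a script payload; any page that returns the five metacharacters unencoded fails it, whichever version reflects them.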
 
That fix gives a 'Version Number 1.293'

But the most current DA version is 1.292
 
You still shouldn't worry about it unless you have untrusted users.

The fix will be done in the next DA release.

Meanwhile if you have untrusted users you can shut down your cronjobs.

(Cronjobs are always a possible attack vector. We advertise their availability but leave them off until/unless a client takes the trouble to ask for them to be turned on.)

Jeff
 
Hi Jeff,

Ah ok, so to be able to utilize that Secunia attack a user has to actually be logged in? Then it's a lot less severe indeed.

I was more thinking that if a cross-site scripting exploit were possible against any DirectAdmin server without needing a valid user account, someone would be able to write files as the 'directadmin' owner, and that user owns the cronjob that's being run by root every minute...

So it's not cronjobs in general, but the task runner of DA that worried me there; injecting bad stuff into that job isn't a good thing ;)
 