=============================================================================
[+] Exploit Title : DirectAdmin Web Control Panel CSRF/XSS vulnerability
[+] Exploit Author : Ashiyane Digital Security Team
[+] Date : 1.483
[+] Version : 2015/09/08
[+] Tested on : Elementary Os
[+] Vendor Homepage : http://www.directadmin.com/
=============================================================================
[+] Introduction :
DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.
DirectAdmin suffers from cross-site request forgery and cross-site scripting vulnerabilities.
=============================================================================
[+] CMD_FILE_MANAGER :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their website.
[+] Exploit 1 : Create New File and Edit a file
-----------------------------------------------------------------------------
[+] Exploit 3 : Rename a file
-----------------------------------------------------------------------------
[+] Exploit 4 : Reflected XSS
=============================================================================
[+] CMD_FTP :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their website.
[+] Exploit : Create FTP account
=============================================================================
[+] CMD_DB :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their website.
[+] Exploit : Create new Database
=============================================================================
[+] CMD_DB :
[+] Users : Users are web hosting clients. They use DirectAdmin to configure their website.
[+] Exploit : Create new E-Mail Forwarder
=============================================================================
[+] Discovered By : Ehsan Hosseini (hehsan979@gmail.com)
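The advisory names state-changing panel commands (CMD_FILE_MANAGER, CMD_FTP, CMD_DB) that a forged cross-site request can drive, plus a reflected XSS. The following Python is an added illustration, not DirectAdmin's code and not part of the advisory: it shows the two defensive sides of such a finding, a server-side guard for those commands (Origin/Referer check plus a per-session synchronizer token, compared in constant time) and a log-scanning routine that flags POSTs to those commands whose Referer is not the panel host. The panel hostname, the `csrf_token` form field, the log lines and the session token value are all constructed assumptions for the example.

```python
import re
import secrets
from html import escape
from urllib.parse import urlsplit

# Assumed panel hostname (constructed for the example; not from the advisory).
PANEL_HOST = "panel.example.com"

# State-changing commands named in the advisory.
STATE_CHANGING_CMDS = {"CMD_FILE_MANAGER", "CMD_FTP", "CMD_DB"}


def command_from_path(path):
    """'/CMD_FTP?x=1' -> 'CMD_FTP'."""
    return path.lstrip("/").split("?", 1)[0]


def same_origin(panel_host, header_value):
    """True only if an Origin/Referer header points back at the panel host.
    A missing header ('' or '-') is treated as NOT same-origin."""
    if not header_value or header_value == "-":
        return False
    return urlsplit(header_value).hostname == panel_host


def csrf_check(method, path, headers, form, session_token):
    """Guard for a state-changing request. Returns (allowed, reason).

    Two independent checks: the browser-supplied Origin (or Referer) must
    name the panel host, and the form must carry the per-session token
    (field name 'csrf_token' is an assumption for this example).
    """
    if method != "POST" or command_from_path(path) not in STATE_CHANGING_CMDS:
        return True, "not a state-changing command"
    origin = headers.get("Origin") or headers.get("Referer")
    if not same_origin(PANEL_HOST, origin):
        return False, "origin mismatch"
    supplied = form.get("csrf_token") or ""
    # Constant-time comparison so token checking does not leak timing.
    if not secrets.compare_digest(supplied, session_token):
        return False, "missing or wrong token"
    return True, "ok"


def reflect_safely(user_value):
    """Encode a reflected parameter before it is placed into an HTML body,
    the fix for the reflected XSS class the advisory lists."""
    return escape(user_value, quote=True)


# Apache/nginx combined log format (constructed sample lines below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

SAMPLE_LOG = [
    # legitimate: Referer is the panel itself
    '198.51.100.4 - - [08/Sep/2015:10:00:01 +0000] "POST /CMD_FILE_MANAGER HTTP/1.1" '
    '200 512 "https://panel.example.com/CMD_FILE_MANAGER" "Mozilla/5.0"',
    # suspicious: state-changing POST referred from a foreign site
    '203.0.113.9 - - [08/Sep/2015:10:00:02 +0000] "POST /CMD_FILE_MANAGER HTTP/1.1" '
    '200 512 "http://third-party.example/page.html" "Mozilla/5.0"',
    # GET from a foreign site: not state-changing in this model, ignored
    '203.0.113.9 - - [08/Sep/2015:10:00:03 +0000] "GET /CMD_DB HTTP/1.1" '
    '200 2048 "http://third-party.example/page.html" "Mozilla/5.0"',
    # suspicious: POST with no Referer at all (deliberately strict)
    '203.0.113.10 - - [08/Sep/2015:10:00:04 +0000] "POST /CMD_FTP?action=create HTTP/1.1" '
    '200 128 "-" "Mozilla/5.0"',
]


def cross_site_posts(log_lines):
    """Return [(ip, command, referer)] for POSTs to state-changing commands
    whose Referer does not point at the panel host."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        cmd = command_from_path(m.group("path"))
        if (m.group("method") == "POST"
                and cmd in STATE_CHANGING_CMDS
                and not same_origin(PANEL_HOST, m.group("referer"))):
            hits.append((m.group("ip"), cmd, m.group("referer")))
    return hits


if __name__ == "__main__":
    for ip, cmd, ref in cross_site_posts(SAMPLE_LOG):
        print(f"cross-site POST to {cmd} from {ip} (Referer: {ref})")
```

The log scan treats a missing Referer as suspicious, which is the safe default for a triage query but will also catch privacy extensions that strip the header; the guard function, by contrast, relies on the token so that a stripped Referer alone never grants access. Both checks are meant to run together: the header test cheaply rejects the obvious cross-site case, and the token is what actually binds the request to the user's session.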