Alabanza Control Panel Domain Modification Vulnerability

Alabanza is a web hosting provider that offers automated solutions for virtual domain hosting. A vulnerability exists in the software implemented for automated domain administration.

Modification, deletion, and addition of domains and MX and CNAME records associated with Alabanza hosts and resellers does not require valid authentication and can be conducted by any remote user.

Access to the Control Panel which handles administrative controls for domains associated with Alabanza does not require a username and password if specially crafted URLs are requested (see the exploit tab for further details).


 

Privacy Statement
Copyright 2010, SecurityFocus