RETIRED: DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following example URI is available:

https://www.example.com/CMD_DOMAIN?action=create&domain=<div style="border:1px solid red;width:300px;height:300px" onmouseover="alert(dawid)"></div>aaa.pl&ubandwidth=unlimited&uquota=unlimited&cgi=ON&php=ON
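
A defensive check for the `domain` parameter that carries the markup in the URI above, as an added example that is not DirectAdmin's code and not part of the original advisory. The handler `render_domain_result` and the helper names are hypothetical; the sketch assumes the parameter should only ever hold a plain dotted hostname, validates it against an allow-list, and HTML-encodes it wherever it is echoed.

```python
import html
import re
from urllib.parse import parse_qs

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Query string of the example URI on this page, joined onto one line.
PAGE_QUERY = (
    'action=create&domain=<div style="border:1px solid red;'
    'width:300px;height:300px" onmouseover="alert(dawid)"></div>aaa.pl'
    '&ubandwidth=unlimited&uquota=unlimited&cgi=ON&php=ON'
)


def extract_domain(query_string: str) -> str:
    """Return the first `domain` value from a query string, or ''."""
    return parse_qs(query_string, keep_blank_values=True).get("domain", [""])[0]


def is_valid_domain(value: str) -> bool:
    """Allow-list check: a dotted hostname and nothing else."""
    if not value or len(value) > 253:
        return False
    labels = value.split(".")
    # fullmatch rejects trailing newlines and any character outside the label set.
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def encode_for_html(value: str) -> str:
    """Encode <, >, & and both quote characters for HTML body or attribute output."""
    return html.escape(value, quote=True)


def render_domain_result(query_string: str) -> str:
    """Hypothetical handler: validate on input, encode on output."""
    domain = extract_domain(query_string)
    if not is_valid_domain(domain):
        # The rejected value is never echoed back into the response.
        return "<p>Invalid domain name.</p>"
    return "<p>Domain created: {}</p>".format(encode_for_html(domain))


if __name__ == "__main__":
    print(render_domain_result(PAGE_QUERY))
    print(render_domain_result("action=create&domain=aaa.pl"))
```

The encoding step stays in place even though validation already rejects the markup, so a later loosening of the allow-list does not reopen the reflection.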


 

Copyright 2010, SecurityFocus