Directadmin ControlPanel DoS and XSS Vulns Exposed By Amir Of The IEDB Team

Iranian security researcher Amir, an IEDB Team member and the founder of IEDB, IrIsT.ir and Xssed.ir, has published a DoS vulnerability in the Directadmin ControlPanel software (http://www.directadmin.com). Directadmin is a web hosting control panel for the remote web-based administration of multiple web servers.

The vulnerability affects Directadmin ControlPanel version 1.50.1 and older. An attacker can enter a password of unlimited length in the password field of the DirectAdmin login screen (there is no limit on the number of characters entered), which causes DirectAdmin to crash. This problem is present in all versions of DirectAdmin.

An attacker could write a script to carry out a DDoS attack based on the following information:

$POC = A * 10000
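The defensive counterpart to the missing limit described above is to check the length of the password field before any authentication code sees it. The C sketch below is an added example, not DirectAdmin's code or its fix; the field names, the 128-character cap and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PASSWORD_LEN 128 /* assumed policy cap, not a DirectAdmin value */
enum field_status { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Copy the raw value of `name` from a urlencoded body into out.
 * The value length is checked against out_size before anything is copied. */
int get_form_field(const char *body, const char *name, char *out, size_t out_size)
{
    size_t name_len = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);
        if (pair_len > name_len && p[name_len] == '=' && !strncmp(p, name, name_len)) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_size)
                return FIELD_TOO_LONG; /* reject: never truncate, never copy */
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return FIELD_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return FIELD_MISSING;
}

/* Constructed sample input: login body with a password of n 'A' characters. */
int check_sample_login(size_t n)
{
    static char body[16384];
    char password[MAX_PASSWORD_LEN + 1];
    const char prefix[] = "username=demo&password="; /* hypothetical fields */
    size_t plen = sizeof(prefix) - 1;
    if (plen + n >= sizeof(body))
        return FIELD_TOO_LONG; /* a real server would cap the body size too */
    memcpy(body, prefix, plen);
    memset(body + plen, 'A', n);
    body[plen + n] = '\0';
    return get_form_field(body, "password", password, sizeof(password));
}

int main(void)
{
    printf("%d %d\n", check_sample_login(12), check_sample_login(10000));
    return 0;
}
```

A request rejected with `FIELD_TOO_LONG` should be answered with an error and logged; repeated oversized login bodies from one source are a useful detection signal.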

Amir has also recently published a cross-site scripting vulnerability in Directadmin ControlPanel which enables an attacker to suspend or unsuspend users.

Other published vulnerabilities discovered by IEDB/IrIsT are here



Amir credits and thanks all of the following:

  • C0dex
  • B3hz4d
  • Beni_vanda
  • Mr_time
  • Bl4ck M4n
  • black_security
  • Yasser
  • Ramin Assadian
  • Black_Nofuzi
  • SecureHost
  • 1TED
  • Mr_Kelever
  • Mr_keeper
  • Mahmod
  • Iedb
  • Khashayar
  • B3hz4d4
  • Shabgard
  • Cl09er
  • Ramin Asadyan
  • Be_lucky
  • Moslem Haghighian
  • Dr_Iman
  • 8Bit
  • Javid
  • Esmiley_Amir
  • Mahdi_feizezade
  • Amin_Zohrabi
  • Shellshock3
  • And all my friends And All Member In Iedb.Ir Team

Amir (Amir Moosavi) is also associated with the Kheshtak Security Team (see our article here) and the Turk Black Hat team.

Websites & contacts :

http://iedb.ir     Iranian Exploit DataBase And Iranian Security Team
http://irist.ir     Register hacked sites
http://xssed.Ir  Vulnerability & attack information site -XSS and SQLi- 

Amir Telegram : https://telegram.me/AmirAm67
IEDB Telegram : https://telegram.me/iedbteam
