Directadmin ControlPanel DoS and XSS Vulns Exposed By Amir Of The IEDB Team

Iranian security researcher Amir, member and founder of the IEDB Team, has published a DoS vulnerability in the Directadmin ControlPanel software. Directadmin is a web hosting control panel for the remote, web-based administration of multiple web servers.

The vulnerability affects Directadmin ControlPanel version 1.50.1 and older. An attacker can submit a password of unlimited length in the password field of the DirectAdmin login screen (there is no limit on the number of characters accepted), which causes DirectAdmin to crash. This problem is present in all versions of DirectAdmin.

An attacker could script a DoS attack based on the following proof-of-concept information:

$POC = A * 10000
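The defensive counterpart to that proof of concept, as an added example that is not part of the advisory or of DirectAdmin's code: a login handler that bounds request and password size before doing any work, plus a detection pass over constructed access-log lines that flags sources repeatedly posting oversized login requests. The 128/4096 limits, the "/login" path and the log format (request bytes as the last column) are assumptions.

```python
import re
from collections import Counter

# Added example, not DirectAdmin code. The limits, the "/login" path and the
# log format are assumptions chosen for illustration.
MAX_PASSWORD_LEN = 128        # ample for real passwords, tiny next to A*10000
MAX_LOGIN_BODY_BYTES = 4096   # enforced before the form is even parsed

def check_login_request(raw_body: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Size checks run before any parsing or
    password hashing, so an oversized request costs the server almost nothing."""
    if len(raw_body) > MAX_LOGIN_BODY_BYTES:
        return False, "body too large"
    pairs = raw_body.decode("ascii", "replace").split("&")
    fields = dict(p.split("=", 1) for p in pairs if "=" in p)
    password = fields.get("password", "")
    if len(password) > MAX_PASSWORD_LEN:
        return False, "password too long"
    if not fields.get("username") or not password:
        return False, "missing credentials"
    return True, "ok"

# Detection side: constructed access-log lines whose last column is the
# request size in bytes (as Apache's mod_logio %I would record it).
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]+" (\d{3}) \d+ (\d+)$')

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:12:00:01 +0000] "POST /login HTTP/1.1" 200 512 10348
203.0.113.7 - - [10/Mar/2015:12:00:02 +0000] "POST /login HTTP/1.1" 200 512 10348
203.0.113.7 - - [10/Mar/2015:12:00:03 +0000] "POST /login HTTP/1.1" 500 0 10348
198.51.100.9 - - [10/Mar/2015:12:00:04 +0000] "POST /login HTTP/1.1" 302 0 412
198.51.100.9 - - [10/Mar/2015:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048 300
"""

def oversized_login_sources(log_text: str, login_path: str = "/login",
                            min_bytes: int = MAX_LOGIN_BODY_BYTES) -> dict:
    """Count, per client IP, POSTs to the login path larger than min_bytes.
    Repeated hits from one source are the pattern worth alerting on."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, _status, req_bytes = m.groups()
        if method == "POST" and path == login_path and int(req_bytes) > min_bytes:
            hits[ip] += 1
    return dict(hits)
```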

Links to details:

Amir has also recently published a cross-site scripting vulnerability in Directadmin ControlPanel which enables an attacker to suspend or unsuspend users.

Links to details:

Other published vulnerabilities discovered by IEDB/IrIsT are here.

Amir thanks all of the following:

  • C0dex
  • B3hz4d
  • Beni_vanda
  • Mr_time
  • Bl4ck M4n
  • black_security
  • Yasser
  • Ramin Assadian
  • Black_Nofuzi
  • SecureHost
  • 1TED
  • Mr_Kelever
  • Mr_keeper
  • Mahmod
  • Iedb
  • Khashayar
  • B3hz4d4
  • Shabgard
  • Cl09er
  • Ramin Asadyan
  • Be_lucky
  • Moslem Haghighian
  • Dr_Iman
  • 8Bit
  • Javid
  • Esmiley_Amir
  • Mahdi_feizezade
  • Amin_Zohrabi
  • Shellshock3
  • And all my friends and all members of the Iedb.Ir Team

Amir (Amir Moosavi) is also associated with the Khestak Security Team (see our article here) and the Turk Black Hat team.

Websites & contacts:
Iranian Exploit DataBase and Iranian Security Team
Register hacked sites
http://xssed.Ir (vulnerability and attack information site: XSS and SQLi)

Email: [email protected]
Amir Telegram :
IEDB Telegram :
