
alabanza.txt

alabanza.txt
Posted Sep 27, 2000
Authored by Weihan Leow

This hole is for the control panel of all Alabanza based resellers/hosts. There could be more bugs. This is serious enough since you can delete all resold domains for a particular webhosting company. You can also change the default MX and CNAME records of all associated domains.

tags | exploit
SHA-256 | 53801f2b11521cbfb88f3a244efe6da453e8cf7c77bc1c4480c79b3231bb1fc6


Vulnerability: Ability to add/modify domains in name servers of webhosting
companies who are reselling for Alabanza.

Vendor Contacted: Yes, 09-14-99 - Hole still exists.

==========================================================================
Hello everyone, I currently discovered a serious bug in the control
panel that can really bring a webhost to its knees. This hole is for the
control panel of all Alabanza based resellers/hosts. There could be more
bugs but I did not take the time to find them yet. This is serious enough
since you can delete all resold domains for a particular webhosting
company. You can also change the default MX and CNAME records of all
associated domains.

By copying the following url to *most* alabanza host resellers, you have
the ability to add a domain to their NS without the control panel user
name and password:

http://www.domain.com/cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
*The above link has been broken to prevent abuse. If you are an Alabanza
based host/reseller, you can easily fix it*

I have tested this on multiple domains and so far, most of them worked.
You can substitute domain.com for any Alabanza host/reseller domain and
for the domain you want DNS set up for, substitute HAHAHA.org for it. I
also changed the ip to localhost instead of whatever was in there. The ip
you put after IP= is the ip the domain will resolve to.
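
The root cause described above is a state-changing CGI that never checks who is calling it. The following is an added example, not Alabanza's code or anything from the advisory, showing what the same request handler looks like once a session check is placed in front of every operation and the `Domain` and `IP` parameters are validated before they reach a zone table. The session store, the `ns_manager` function and the `records` dictionary are assumptions made for illustration; the request URL is the one quoted in the advisory.

```python
"""Added example (not Alabanza's code): a minimal nsManager-style handler
that refuses to add or delete name-server records without a valid
control-panel session and validates its inputs. The session store,
function names and the zone table are assumptions for illustration."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed session store: session token -> reseller account that owns it.
VALID_SESSIONS = {"s3ss10n-alice": "alice-reseller"}

# RFC 1123 style label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_domain(name):
    """True for a syntactically valid domain name with at least two labels."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(lbl) for lbl in labels)


def valid_ip(addr):
    """True for an IP literal that can sensibly be published in DNS.

    Loopback (the 127.0.0.1 from the advisory), unspecified, multicast and
    link-local addresses are rejected.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified
                or ip.is_multicast or ip.is_link_local)


def ns_manager(url, session_token, records):
    """Process one nsManager-style request and return (status, message).

    `records` is the reseller's zone table (domain -> IP). It is mutated
    only after authentication and input validation both succeed.
    """
    # 1. Authentication first: the vulnerable CGI skipped this step entirely,
    #    so any anonymous GET could add or delete domains.
    account = VALID_SESSIONS.get(session_token)
    if account is None:
        return 401, "login required"

    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    op = params.get("OP")
    domain = params.get("Domain", "").lower()

    # 2. Only known operations, and only on well-formed names.
    if op not in ("add", "delete", "list"):
        return 400, "unknown operation"
    if op == "list":
        return 200, dict(records)
    if not valid_domain(domain):
        return 400, "invalid domain"

    if op == "add":
        if not valid_ip(params.get("IP", "")):
            return 400, "invalid IP address"
        if domain in records:
            return 409, "domain already exists"
        records[domain] = params["IP"]
        return 200, f"{domain} queued for {account}"

    # op == "delete"
    if domain not in records:
        return 404, "no such domain"
    del records[domain]
    return 200, f"{domain} removed by {account}"


if __name__ == "__main__":
    zone = {}
    req = ("http://www.domain.com/cp/rac/nsManager.cgi?Domain=HAHAHA.org"
           "&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm")
    print(ns_manager(req, None, zone))               # (401, 'login required')
    print(ns_manager(req, "s3ss10n-alice", zone))    # (400, 'invalid IP address')
```

The ordering matters: the session check runs before the query string is even parsed, so an unauthenticated caller learns nothing about which parameters the script accepts, and validation of `Domain` and `IP` happens before the zone table is touched.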

Here is an example after typing in the above fixed link with a proper
Alabanza domain in the beginning.

Name Server Manager
Domain HAHAHA.org will be added within 1 hour!
Your domain HAHAHA.org 127.0.0.1 will be setup within 1 hour!

Please click here to go back.

After the submission of the domain, you are even given a link to take a
look at the changes to be made. From this page, you can delete as well
as modify all associated domains:

http://www.domain.com/cp/rac/nsManager.cgi?Language=english
*Again, it's been broken*

Again, no user name and password are required.

This is one of the exploits I have currently found in the control panel.
I have not looked further since this notice should make everyone aware of
what potential problems can exist. Serious damage to a host can be caused
through this.
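
Until the vendor ships a fix, a host or reseller can at least see whether the endpoint is being hit. The block below is an added example, not part of the advisory or of any Alabanza tooling: it parses Apache combined-format access log lines and reports every request to `/cp/rac/nsManager.cgi` that carries an `OP` parameter, grouped by source address, with the `Domain` and `IP` values that were submitted. The log lines are constructed; `OP=add` is the value quoted in the advisory, while `OP=delete` in the sample is an assumed value chosen to show a second operation.

```python
"""Added example (not from the advisory or from Alabanza): flag requests to
the nsManager.cgi endpoint in Apache combined-format access logs so a
reseller can review who has been adding or removing domains. Sample log
lines below are constructed for the example."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined log format: src ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
ENDPOINT = "/cp/rac/nsManager.cgi"


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def ns_manager_events(lines):
    """Yield one event per nsManager.cgi request that carries an OP parameter.

    Requests without OP (the plain listing page) are ignored; everything
    else is reported with the submitted Domain and IP for review.
    """
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["path"])
        if not parts.path.endswith(ENDPOINT):
            continue
        q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        if "op" not in q:
            continue
        yield {
            "src": rec["src"],
            "ts": rec["ts"],
            "op": q["op"].lower(),
            "domain": q.get("domain", ""),
            "ip": q.get("ip", ""),
            "status": rec["status"],
        }


def summarize(lines):
    """Group events by source address so repeat callers stand out."""
    by_src = {}
    for ev in ns_manager_events(lines):
        by_src.setdefault(ev["src"], []).append(ev)
    return by_src


# Constructed sample log (RFC 5737 documentation addresses as sources).
SAMPLE_LOG = """\
198.51.100.7 - - [27/Sep/2000:10:01:02 -0400] "GET /cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm HTTP/1.0" 200 512
198.51.100.7 - - [27/Sep/2000:10:01:40 -0400] "GET /cp/rac/nsManager.cgi?Language=english HTTP/1.0" 200 2048
203.0.113.5 - - [27/Sep/2000:10:05:00 -0400] "GET /index.html HTTP/1.0" 200 1024
198.51.100.7 - - [27/Sep/2000:10:06:13 -0400] "GET /cp/rac/nsManager.cgi?Domain=example.net&OP=delete&Language=english HTTP/1.0" 200 300
""".splitlines()


if __name__ == "__main__":
    for src, events in summarize(SAMPLE_LOG).items():
        print(src)
        for ev in events:
            print(f"  {ev['ts']}  {ev['op']:<6} {ev['domain']:<20} {ev['ip']}")
```

Run it against the real log with `summarize(open("/var/log/httpd/access_log"))`; because parameters arrive in a GET query string they are recorded in full by the default log format, which is what makes this review possible after the fact.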

If you would like to get it fixed, you better email the admins at
Alabanza. It's been more than a week since I have contacted them and no
fix yet. Hopefully, this will speed them up.

Weihan Leow

© 2024 Packet Storm. All rights reserved.