=============================================================================
# Title   : DirectAdmin (1.491) CSRF Vulnerability
# Date    : 27-10-2014 updated 18-02-2016
# Version : >=1.491
# Author  : Necmettin COSKUN =>@babayarisi
# Blog    : http://ha.cker.io
# Vendor  : http://www.directadmin.com/
# Download: http://www.directadmin.com/demo.html
=============================================================================
# info : DirectAdmin is a web-based hosting control panel.
# As you can see, the original form does not include CSRF protection or any secret token:
# a victim who is logged in as an administrator can be made to submit it from a page the attacker controls.
Fields of the affected form:

Username:
E-Mail:
Enter Password:
Re-Enter Password:
Send Email Notification:
Edit Admin Message
#POC
POC
#POC
# don't be evil!

Discovered by:
================
Necmettin COSKUN |GrisapkaGuvenlikGrubu|4ewa2getha!