Home page logo
/

bugtraq logo Bugtraq mailing list archives

Major Vulnerability in Alabanza Control Panel
From: Weihan Leow <wleow () BUFFALO EDU>
Date: Sun, 24 Sep 2000 17:12:26 -0400

Vulnerability: Ability to add/modify domains in name servers of webhosting
               companies who are reselling for Alabanza.

Vendor Contacted:  Yes, 09-14-99 - Hole still exists.

==========================================================================
Hello everyone,  I currently discovered a serious bug in the control
panel that can really bring a webhost to it's knees.  This hole is for the
control panel of all Alabanza based resellers/hosts.  There could be more
bugs but I did not take the time to find them yet.  This is serious enough
since you can delete all resold domains for a particulr webhosting
company.  You can also change the default MX and CNAME records of all
associated domains.

By copying the following url to *most* alabanza host resellers, you have
the ability to add a domain to their NS without the control panel user
name and password:

http://www.domain.com/cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm
*The above link has been broken to prevent abuse. If you are an Alabanza
based host/reseller, you can easily fix it*

I have tested this on multiple domains and so far, most of them worked.
You can substitute domain.com for any Alabanza host/reseller domain and
for the domain you want DNS set up for, substitute HAHAHA.org for it.  I
also changed the ip to localhost instead of whatever was in there.  The ip
you put after IP= is the ip the domain will resolve to.

Here is an example after typing in the above fixed link with a proper
Alabanza domain in the beginning.

Name Server Manager
Domain HAHAHA.org will be added within 1 hour!
Your domain HAHAHA.org 127.0.0.1 will be setup within 1 hour!

Please click here to go back.

After the submission of the domain, you are even given a link to take a
look at the changes to be made.  From this page, you can delete as well
as modify all associated domains:

http://www.domain.com/cp/rac/nsManager.cgi?Language=english
*Again, it's been broken*

Again, no user name and password is required.

This is one of the exploits I have currently found in the control panel.
I have not looked further since this notice should make everyone aware of
what potential problems can exist.  Serious damage to a host can be caused
through this.

If you would like to get it fixed, you better email the admins at
Alabanza.  It's been more than a week since I have contacted them and no
fix yet.  Hopefully, this will speed them up.

Weihan Leow


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]