[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Vulnerability in software for Alabanza resellers

Title: Vulnerability in software for Alabanza resellers
Released by:
Date: 22nd September 2000
Printable version: Click here 
Vulnerability: Ability to add/modify domains in name servers of webhosting

               companies who are reselling for Alabanza.



Vendor Contacted:  Yes, 09-14-99 - Hole still exists.



==========================================================================

Hello everyone,  I currently discovered a serious bug in the control

panel that can really bring a webhost to it's knees.  This hole is for the

control panel of all Alabanza based resellers/hosts.  There could be more

bugs but I did not take the time to find them yet.  This is serious enough

since you can delete all resold domains for a particulr webhosting

company.  You can also change the default MX and CNAME records of all

associated domains.



By copying the following url to *most* alabanza host resellers, you have

the ability to add a domain to their NS without the control panel user

name and password:



http://www.domain.com/cp/rac/nsManager.cgi?Domain=HAHAHA.org&IP=127.0.0.1&OP=add&Language=english&Submit=Confirm

*The above link has been broken to prevent abuse. If you are an Alabanza

based host/reseller, you can easily fix it*



I have tested this on multiple domains and so far, most of them worked.

You can substitute domain.com for any Alabanza host/reseller domain and

for the domain you want DNS set up for, substitute HAHAHA.org for it.  I

also changed the ip to localhost instead of whatever was in there.  The ip

you put after IP= is the ip the domain will resolve to.



Here is an example after typing in the above fixed link with a proper

Alabanza domain in the beginning.



Name Server Manager

Domain HAHAHA.org will be added within 1 hour!

Your domain HAHAHA.org 127.0.0.1 will be setup within 1 hour!



Please click here to go back.



After the submission of the domain, you are even given a link to take a

look at the changes to be made.  From this page, you can delete as well

as modify all associated domains:



http://www.domain.com/cp/rac/nsManager.cgi?Language=english

*Again, it's been broken*



Again, no user name and password is required.



This is one of the exploits I have currently found in the control panel.

I have not looked further since this notice should make everyone aware of

what potential problems can exist.  Serious damage to a host can be caused

through this.



If you would like to get it fixed, you better email the admins at

Alabanza.  It's been more than a week since I have contacted them and no

fix yet.  Hopefully, this will speed them up.



Weihan Leow






(C) 1999-2000 All rights reserved.