============================================================================= # Title : DirectAdmin (1.491) CSRF Vulnerability # Date : 27-10-2014 updated 18-02-2016 # Version : >=1.491 # Author : Necmettin COSKUN =>@babayarisi # Blog    :http://ha.cker.io # Vendor : http://www.directadmin.com/ # Download: http://www.directadmin.com/demo.html ============================================================================= # info : DirectAdmin is a web-based hosting control panel. #As you can see original form doesn't include csrf protection or any secret token.
Username: E-Mail: Enter Password: Re-Enter Password: Send Email Notification: Edit Admin Message
#POC POC #POC # don't be evil! Discovered by: ================ Necmettin COSKUN  |GrisapkaGuvenlikGrubu|4ewa2getha!