Open Source and information security mailing list archives
 
Message-ID: <20060205152816.23873.qmail@securityfocus.com>
Date: 5 Feb 2006 15:28:16 -0000
From: shell@...shell.net
To: bugtraq@...urityfocus.com
Subject: cPanel 10 handle.html XSS Vulnerability


mime/handle.html (usually https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected HTML into the extension and/or mime-type specified. I successfully leveraged this issue causing the page to execute the code <script>alert('hi')</script> each time. I also got it to properly display an image with the img-src tag. This is semipermanent because it stays on the page after the URL is left.
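The class of fix for the stored input described above, as an added example that is not part of the original post and is not cPanel's code: validate the MIME type and extension fields when they are saved, and HTML-encode them when the listing is rendered. All function names, the extension pattern and the sample rows are assumptions made for illustration.

```python
import html
import re

# Hypothetical names throughout; this is not cPanel's code.
# MIME type checked against the RFC 6838 restricted-name grammar (type/subtype).
_NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
_MIME_RE = re.compile(_NAME + "/" + _NAME)
# Assumed extension policy: optional leading dot, short alphanumeric token.
_EXT_RE = re.compile(r"\.?[A-Za-z0-9][A-Za-z0-9_+-]{0,31}")

def validate_mapping(mime_type, extensions):
    """Save-time check; returns (mime_type, [ext, ...]) or raises ValueError."""
    if not _MIME_RE.fullmatch(mime_type):
        raise ValueError("invalid MIME type")
    exts = extensions.split()
    if not exts or not all(_EXT_RE.fullmatch(e) for e in exts):
        raise ValueError("invalid extension list")
    return mime_type, exts

def render_row_unsafe(mime_type, extensions):
    # Stored values interpolated straight into markup: the flaw the post describes.
    return "<tr><td>%s</td><td>%s</td></tr>" % (mime_type, extensions)

def render_row(mime_type, extensions):
    # Encode on output too, so rows stored before validation existed stay inert.
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(mime_type, quote=True), html.escape(extensions, quote=True))

# Constructed sample inputs: one legitimate mapping, two carrying markup.
SAMPLES = [
    ("text/x-example", ".foo .bar"),
    ("<script>alert('hi')</script>", ".foo"),
    ("image/png", '<img src="x">'),
]

def audit(samples):
    """Return (accepted_by_validation, safely_rendered_row) for each sample."""
    results = []
    for mime, exts in samples:
        try:
            validate_mapping(mime, exts)
            accepted = True
        except ValueError:
            accepted = False
        results.append((accepted, render_row(mime, exts)))
    return results

if __name__ == "__main__":
    for accepted, row in audit(SAMPLES):
        print(accepted, row)
```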

