cPanel & WebHost Manager (WHM) is a next generation web hosting control panel system. Both cPanel & WHM are extremely feature rich as well as include an easy to use web based interface.
###vulnerability Description###
Authenticated users are able to run cross-site scripting attacks. I noticed this vulnerability when trying to password protect a dictory. Here is an example of how you could run script on the cpanel server
####################################################
#Advisory Name: Cpanel Request Lets Authenticated Users Conduct Cross-#Site Scripting Attacks
#Discovered by: Fable
#Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com.
#Versions: ??
####################################################
###Description###
cPanel & WebHost Manager (WHM) is a next generation web hosting control panel system. Both cPanel & WHM are extremely feature rich as well as include an easy to use web based interface.
###vulnerability Description###
Authenticated users are able to run cross-site scripting attacks. I noticed this vulnerability when trying to password protect a dictory. Here is an example of how you could run script on the cpanel server
http://targetserver.com:2082/frontend/x/htaccess/dohtaccess.html?dir=>&l
t;script>alert(0x29A Crew)</script>
You are able to run all sorts of HTML on the target server, iframes, ect.
-Fable [fable (at) hush (dot) com [email concealed]]
[ reply ]