cPanel Error Log Malicious HTML Tags Injection

2003-07-06T03:46:44
ID OSVDB:2277
Type osvdb
Reporter Ory Segal (ory.segal@sanctuminc.com)
Modified 2003-07-06T03:46:44

Description

Vulnerability Description

cPanel contains a flaw that allows a remote attacker to embed malicious HTML tags in HTTP requests, which are later processed by the administrative interface. The issue is due to malicious requests being logged without sanitization and then passed to the error log screen or latest visitor screen. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 7.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

GET /<script>alert(document.cookie);</script> HTTP/1.0
Host: www.site.com

GET /"></a><script>alert(document.cookie);</script> HTTP/1.0
Host: www.site.com
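
The fix for this class of flaw is to escape logged request data at the point where the log screen renders it. The sketch below is an added example, not cPanel code: the row markup, function names and the benign third path are assumptions, and the first two paths are the test requests listed above.

```python
import html

# Request paths as a server would log them. The first two are the test
# requests from the Manual Testing Notes; the third is a constructed benign one.
LOGGED_PATHS = [
    "/<script>alert(document.cookie);</script>",
    '/"></a><script>alert(document.cookie);</script>',
    "/images/logo.gif",
]


def error_log_row(path, escape=True):
    """Row for an error-log screen: the logged path lands in element text."""
    shown = html.escape(path, quote=True) if escape else path
    return f"<tr><td>File does not exist: {shown}</td></tr>"


def visitor_row(path, escape=True):
    """Row for a latest-visitors screen: the path lands in an href attribute
    and in link text (assumed markup, hence the quote=True escaping)."""
    shown = html.escape(path, quote=True) if escape else path
    return f'<tr><td><a href="{shown}">{shown}</a></td></tr>'


def render(paths, escape=True):
    """Build both screens' rows for every logged path."""
    rows = []
    for p in paths:
        rows.append(error_log_row(p, escape))
        rows.append(visitor_row(p, escape))
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def flag_markup(paths):
    """Return the logged paths that contain HTML metacharacters, for review."""
    return [p for p in paths if any(c in p for c in "<>\"'")]


if __name__ == "__main__":
    print(render(LOGGED_PATHS, escape=False))  # markup from the log reaches the page
    print(render(LOGGED_PATHS, escape=True))   # the same entries shown as inert text
    print(flag_markup(LOGGED_PATHS))
```

Escaping with quote=True matters for the second request, which is built to close an attribute value and an anchor before the script tag.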

References:

Vendor URL: http://www.cpanel.net/
Vendor Specific Solution URL: http://www.cpanel.net/downloads.htm
Other Advisory URL: http://www.securiteam.com/securitynews/5HP031PAKY.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0053.html
Keyword: XSS
ISS X-Force ID: 12508
CVE-2003-0521
Bugtraq ID: 8119