cPanel 10 handle.html XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: cPanel 10 handle.html XSS Vulnerability
From: shell@xxxxxxxxxxxx
Date: 5 Feb 2006 15:28:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

mime/handle.html (usually 
https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is 
vulnerable to an XSS vulnerability. This can be leveraged by entering an 
injected html into the extension and/or mime-type specified. I sucesfully 
leveraged this issue causing the page to execute the code 
<script>alert('hi')</script> each time. I also got it to properly display an 
image with the img-src tag. This is semipermanent because it stays on the page 
after the URL is left.

Prev by Date: Re: cleartext passwords get into log files
Next by Date: RE: cPanel Multiple Cross Site Scripting Vulnerability
Previous by thread: Re: CAIDA analysis on CME-24/BlackWorm
Next by thread: mailback script exploit
Index(es):
- Date
- Thread