One can add HTML code to the .lastlogin file. If the root user logs in to this cPanel user's account, the HTML code in the .lastlogin file is shown in the root user's browser. This may be used to read out session information and gain root access or trick the root user into entering the root password again etc. etc.
Please fix this as soon as possible! And no, I am not going to submit a bugzilla report cause every time I try I get an error message.



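One way a panel could defend against the behaviour reported in the post above, as an added example that is not part of the original post and not cPanel's own code: treat the .lastlogin content as untrusted, render only a value that parses as an IP address, and HTML-escape it on output. The file format (each line begins with an IP address), the function names and the sample data are assumptions made for illustration.

```python
import html
import ipaddress

# Constructed sample inputs (not taken from a real system).
SAMPLE_CLEAN = "203.0.113.7\n"
SAMPLE_TAMPERED = "203.0.113.7\n<b>not an address</b>\n"


def parse_lastlogin(raw: str):
    """Return (valid_ips, rejected_lines) for user-writable file content.

    Assumed format: each non-empty line begins with an IP address.
    Anything after the first token is discarded, never rendered.
    """
    valid, rejected = [], []
    for line in raw.splitlines():
        tokens = line.split()
        if not tokens:
            continue  # skip blank lines
        try:
            # Normalise through the parser so only a real address survives.
            valid.append(str(ipaddress.ip_address(tokens[0])))
        except ValueError:
            rejected.append(line)  # keep for logging / alerting
    return valid, rejected


def render_lastlogin(raw: str) -> str:
    """Build the HTML fragment shown in the panel from untrusted content."""
    valid, _rejected = parse_lastlogin(raw)
    if not valid:
        return '<span class="lastlogin">Last login: unknown</span>'
    # Escape even validated values: output encoding is the second layer.
    return '<span class="lastlogin">Last login from: {}</span>'.format(
        html.escape(valid[0])
    )


def is_tampered(raw: str) -> bool:
    """True when the file holds lines that are not IP addresses."""
    return bool(parse_lastlogin(raw)[1])


if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_TAMPERED):
        print(render_lastlogin(sample), "tampered:", is_tampered(sample))
```
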





