anyone seen this?
http://secunia.com/advisories/21592/
Nope, but it looks low-impacting. To run the exploit scripts, you'll need to be logged into cPanel and only "you" would be affected. I can't see any disclosure of information the user would not be already able to access.
The only possible thing would be something like tagging onto the end of an exploit link a JavaScript or reference to a third-party site to maybe, possibly, still authenticate credentials. Admittedly, the user (who would still have to log in to cPanel) would have to click on that link to get it in effect, but still low impacting IMHO.
(Should still be patched though)
I've seen several such "exploits" in secunia that never make it onto vulndev or bugtraq that are hardly worthy of the name. If anything, they're simply bugs. From the way I read it, you can basically exploit yourself, since as richy points out, you have to be authenticated anyway.
Last edited by chirpy; 08-22-2006 at 11:27 AM.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
I was aware of it only being an issue to a logged-in user, and I have to agree with chirpy about Secunia's 'vulnerabilities' being a bit on the monkey side. Just thought I'd post it to bring it to people's attention. Thanks guys.
Do keep posting them if you find them, they're usually good for a chuckle!
Jonathan Michaelson