The Community Forums


cPanel Multiple Cross-Site Scripting Vulnerabilities

Discussion in 'General Discussion' started by leorevenda, Aug 21, 2006.

Thread Status:
Not open for further replies.
  1. leorevenda

    I saw this today on the secunia.com website:

    Secunia Advisory: SA21592
    Release Date: 2006-08-21

    Critical: Less critical
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Unpatched

    Software: cPanel 10.x

    -----
    Description:
    Preth00nker has reported some vulnerabilities in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Input passed to the "dir" parameter in dohtaccess.html and to the "file" parameter in editit.html and showfile.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    Examples:
    http://[host]:2082/frontend/x/htaccess/dohtaccess.html?dir=
    http://[host]:2082/frontend/x/files/editit.html?dir=/&file=[code]
    http://[host]:2082/frontend/x/files/showfile.html?dir=/&file=[code]
    
    Solution:
    Filter malicious characters and character sequences in a web proxy.
    
    Provided and/or discovered by:
    Preth00nker
    
    ----
    more details:
    http://secunia.com/advisories/21592/
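
The proxy-side filtering the advisory recommends, sketched as an added example (not code from Secunia, cPanel or the poster): it flags access-log requests where the `dir` or `file` parameter of the three named pages carries HTML markup characters, and shows the output encoding the pages themselves lack. The function names, the log format and the sample lines are assumptions; the paths, including the `x` theme segment, are copied from the advisory's example URLs.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path -> parameter, exactly as named in the advisory's example URLs.
AFFECTED = {
    "/frontend/x/htaccess/dohtaccess.html": "dir",
    "/frontend/x/files/editit.html": "file",
    "/frontend/x/files/showfile.html": "file",
}
MARKUP = re.compile(r"[<>\"'`]")  # characters that can break out of HTML text or attributes
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is treated like %3C."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_params(request_target):
    """Return [(path, param, decoded_value)] when an affected parameter carries markup."""
    parts = urlsplit(request_target)
    param = AFFECTED.get(parts.path)
    if param is None:
        return []
    # parse_qs percent-decodes once; fully_decode handles extra encoding layers.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    decoded = [fully_decode(v) for v in values]
    return [(parts.path, param, v) for v in decoded if MARKUP.search(v)]

def scan(log_lines):
    """Collect every flagged request from an access log."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match:
            hits += suspicious_params(match.group(1))
    return hits

def render_safely(value):
    """The application-side fix: HTML-encode the value before echoing it."""
    return html.escape(value, quote=True)

# Constructed sample lines in common log format (not taken from the page).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Aug/2006:10:00:01 +0000] "GET /frontend/x/files/showfile.html?dir=/&file=index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Aug/2006:10:00:07 +0000] "GET /frontend/x/files/editit.html?dir=/&file=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 733',
    '203.0.113.9 - - [21/Aug/2006:10:00:09 +0000] "GET /frontend/x/htaccess/dohtaccess.html?dir=%2522%253E HTTP/1.1" 200 640',
]
```

`scan(SAMPLE_LOG)` flags the second and third lines only; the third is caught because the value is decoded more than once before matching.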
     