
cPanel User Parameter Cross-Site Scripting Vulnerability [old]

Discussion in 'General Discussion' started by maaking, Jul 16, 2005.

  1. maaking

    No exploit is required.

    The following proof of concept has been provided:
    http://www.example.com:2082/login?user=**<script>JavaScript:alert(document.cookie);</script>


    It is reported that cPanel is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data via the 'user' parameter of the 'login' page.

    Due to the possibility of attacker-specified HTML and script code being rendered in a victim's browser, it is possible to steal cookie-based authentication credentials from that user. Other attacks are possible as well.


    Solution:
    Currently we are not aware of any patches for this issue.

    Read this for more:
    http://www.securityfocus.com/bid/13996/exploit
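    The defect described above is a reflected value reaching the response body unescaped. The following is an added example (not cPanel's code and not from the thread) that shows the reflection beside an HTML-escaped form, using the thread's own proof-of-concept string, and a small check that flags access-log requests whose `user` query parameter carries HTML markup. The function names, the rendered `<input>` fragment and the sample log lines are constructed for illustration.

    ```python
    import html
    from urllib.parse import urlsplit, parse_qs

    # The proof-of-concept value from the thread, as it would arrive in the 'user' parameter.
    POC_USER = "**<script>JavaScript:alert(document.cookie);</script>"


    def render_login_unsafe(user: str) -> str:
        """Reflects the 'user' parameter into the page verbatim (the reported defect)."""
        return f'<input name="user" value="{user}">'


    def render_login_safe(user: str) -> str:
        """Hardened form: HTML-escape the value (including quotes) before it reaches the response body."""
        return f'<input name="user" value="{html.escape(user, quote=True)}">'


    def contains_script_tag(fragment: str) -> bool:
        """True if the rendered fragment still contains a live <script> tag."""
        return "<script" in fragment.lower()


    def flag_markup_in_user_param(log_lines):
        """Return common-log-format lines whose 'user' query value decodes to text containing '<' or '>'."""
        hits = []
        for line in log_lines:
            try:
                request = line.split('"')[1]        # e.g. 'GET /login?user=alice HTTP/1.1'
                path = request.split(" ")[1]
            except IndexError:
                continue                            # malformed line: skip rather than crash
            params = parse_qs(urlsplit(path).query)  # parse_qs already percent-decodes values
            if any("<" in v or ">" in v for v in params.get("user", [])):
                hits.append(line)
        return hits


    # Constructed sample log lines (hypothetical, not taken from the page).
    SAMPLE_LOG = [
        '203.0.113.5 - - [16/Jul/2005:10:00:01 +0000] "GET /login?user=alice HTTP/1.1" 200 512',
        '203.0.113.9 - - [16/Jul/2005:10:00:07 +0000] "GET /login?user=%2A%2A%3Cscript%3EJavaScript'
        '%3Aalert%28document.cookie%29%3B%3C%2Fscript%3E HTTP/1.1" 200 640',
        '203.0.113.5 - - [16/Jul/2005:10:00:09 +0000] "POST /login HTTP/1.1" 302 0',
    ]

    if __name__ == "__main__":
        print(render_login_unsafe(POC_USER))   # tag survives: would execute in a browser
        print(render_login_safe(POC_USER))     # tag is inert text
        for hit in flag_markup_in_user_param(SAMPLE_LOG):
            print("suspicious request:", hit)
    ```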
     
  2. challii

    Did you actually read any of this article? Check Bugzilla before posting here? Check the changelog?

    Well, if you had, then you would realise that this only affects old versions of cPanel, and since this security release was published nearly a month ago... please don't post rubbish!
     
  3. chirpy

    Indeed, it was fixed a long time ago.