mod_security Bug

Discussion in 'cPanel Developers' started by noorolhoda, Dec 2, 2005.

  1. noorolhoda

    noorolhoda Active Member

    Hello
    It seems that the cPanel mod security add-on has an XSS bug!
    I found the following in the mod security log:

    profile.php?mode=<script>var%20wvs_xss_test_variable=187516428;alert(wvs_xss_test_variable);</script>

    When I was checking the log, the code executed and I received an alert!!
    I think maybe someone can get the root session with XSS.

    Please let me know if I'm right or not.
     
  2. cPanelBilly

    cPanelBilly Guest

    They cannot get root with this, however this will be fixed in next release.
     
  3. voip

    voip Member

    I think there is another bug in the installer, it is using the wrong directory.

    /scripts/upcp

    The directory is modsecurity-apache-1.9.1

     
  4. Rafaelfpviana

    Rafaelfpviana Well-Known Member

    I had this fixed on my version about 2 months ago when I found this out, and it is possible to change the root password with this bug.
     
  5. cPanelBilly

    cPanelBilly Guest

    Are you still having this issue? I am showing that it was fixed awhile back.
     
  6. Rafaelfpviana

    Rafaelfpviana Well-Known Member

    No problem here, I fixed it myself a while ago, and it is possible to change root's password with this bug.
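
The behaviour reported in the first post is what happens when a log viewer writes logged request text into its HTML page without output encoding. The Python sketch below is an added example, not cPanel's code and not part of the thread; the function names and the sample log lines are constructed for illustration.

```python
import html
import re

# Constructed sample of raw log lines (bytes, as a viewer would read them).
# The second line carries the request quoted in the first post; the third
# holds invalid UTF-8 and an escape character, which logged input can contain.
SAMPLE_LOG = [
    b"GET /index.php HTTP/1.1",
    b"GET /profile.php?mode=<script>var%20wvs_xss_test_variable=187516428;"
    b"alert(wvs_xss_test_variable);</script> HTTP/1.1",
    b"GET /a\xff\x1b[2J HTTP/1.1",
]

CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def render_unsafe(lines):
    """Before: logged text is pasted into the page, so logged tags become live markup."""
    rows = "".join(f"<tr><td>{l.decode('latin-1')}</td></tr>" for l in lines)
    return f"<table>{rows}</table>"


def render_safe(lines):
    """After: treat every logged byte as untrusted and encode it at output time."""
    rows = []
    for raw in lines:
        text = raw.decode("utf-8", errors="replace")   # never fail on bad bytes
        text = CONTROL_CHARS.sub("?", text)            # neutralise control characters
        rows.append(f"<tr><td>{html.escape(text, quote=True)}</td></tr>")
    return "<table>" + "".join(rows) + "</table>"


def has_live_script(markup):
    """Demonstration check: does a literal <script> tag survive in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("unsafe viewer emits live script:", has_live_script(render_unsafe(SAMPLE_LOG)))
    print("safe viewer emits live script:  ", has_live_script(render_safe(SAMPLE_LOG)))
```

Encoding at render time keeps the log itself intact as evidence while the administrator's browser only ever sees the request as text.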
     