The Community Forums


Secunia XSS Vulnerabilities

Discussion in 'General Discussion' started by nickp666, Aug 22, 2006.

  1. nickp666

    nickp666 Well-Known Member

  2. richy

    richy Well-Known Member

    Nope, but it looks low-impacting. To run the exploit scripts, you'll need to be logged into cPanel and only "you" would be affected. I can't see any disclosure of information the user would not be already able to access.

    The only possible thing would be something like tagging onto the end of an exploit link a JavaScript or reference to a third-party site to maybe, possibly, still authenticate credentials. Admittedly, the user (who would still have to log in to cPanel) would have to click on that link to get it in effect, but still low impacting IMHO.

    (Should still be patched though ;) )
     
  3. chirpy

    chirpy Well-Known Member

    I've seen several such "exploits" in Secunia that never make it onto vulndev or bugtraq that are hardly worthy of the name. If anything, they're simply bugs. From the way I read it, you can basically exploit yourself, since as richy points out, you have to be authenticated anyway.
     
    #3 chirpy, Aug 22, 2006
    Last edited: Aug 22, 2006
  4. nickp666

    nickp666 Well-Known Member

    I was aware of it only being an issue to a logged-in user, and I have to agree with chirpy about Secunia's 'vulnerabilities' being a bit on the monkey side. Just thought I'd post it to bring it to people's attention. Thanks, guys.
     
  5. chirpy

    chirpy Well-Known Member

    Do keep posting them if you find them, they're usually good for a chuckle ;)
     
