Jump to content
Nytro

C-Panel Cross Site Scripting

By Nytro, in Exploituri

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

C-Panel Cross Site Scripting

C-Panel suffers from a reflective cross site scripting vulnerability in manage.html.

CPanel Non Persistent XSS

Details
=============
Product: Cpanel
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.cpanel.net
Advisory-Status: NotPublished

Credits
=============
Discovered by: Rafay Baloch of RafayHackingArticles(RHA)

Affected Products:
=============
Cpanel's Latest Version

Description
=============
"Simploo website management."

More Details
=============
I have discsovered a non persistent Cross site scripting (XSS) inside
Cpanel,
the vulnerability can be easily exploited and can be used to steal cookies,
perform
phishing attacks and other various attacks compromising the security of a
user.

Proof of Concept
=============
Log into your CPanel accoutn and navigate to the following link:

https://localhost/frontend/x3/mail/manage.html?account=

Now insert your xss payload inside account parameter.

Exploit
=============

https://localhost/frontend/x3/mail/manage.html?account=%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSBYRAFAY/%29;%3E

Solution
=============
Edit the source code to ensure that input is properly sanitised.

Timeline
================

Use of terms
================


-- 
Warm Regards,
Rafay Baloch

http://rafayhackingarticles.net
http://techlotips.com

Sursa: C-Panel Cross Site Scripting ? Packet Storm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...