Praetorian503 Posted December 28, 2012 Report Posted December 28, 2012 C-Panel suffers from a reflective cross site scripting vulnerability in dir.html.Details=============Product: CpanelSecurity-Risk: HighRemote-Exploit: yesVendor-URL: http://www.cpanel.netAdvisory-Status: NotPublishedCredits=============Discovered by: Rafay Baloch of RafayHackingArticles(RHA)Affected Products:=============Cpanel's Latest VersionDescription============="Simple website management."More Details=============I have discsovered a non persistent Cross site scripting (XSS) insideCpanel,the vulnerability can be easily exploited and can be used to steal cookies,performphishing attacks and other various attacks compromising the security of auser.Proof of Concept=============Log into your CPanel accoutn and navigate to the following link:https://gator1347.hostgator.com:2083/frontend/x3/files/dir.html?showhidden=1&dir=Now insert your xss payload inside Dir parameter.Exploit=============https://localhost/frontend/x3/files/dir.html?showhidden=1&dir=%3Cimg%20src=x%20onerror=prompt%280%29;%3ESolution=============Edit the source code to ensure that input is properly sanitized.Source: Packet Storm Quote