WebhostSecurity.com
ARTICLES
› Lessons Learned - Defense
› Lessons Learned - Offense
› Finding Bugs 1 - Softaculous
› Finding Bugs 2 - cPanel + Horde
› uid/gid Reuse Multi Vendor Issue
› Finding the WordPress 2.1.1 Backdoor
› Discovering Cdorked.A on cPanel
OFFENSE
› AtMail
› BFD
› cPanel
› CSF
› DirectAdmin
› Installatron
› Juniper
› Kloxo
› OSSEC
› Softaculous
› WHMEZLogin
› WHMReseller
DEFENSE
› STFN - Suspicious /tmp File Notifier
› ELM - Exim Log Monitor
› RFID - Remote File Inclusion Detector
› Twitter


cPanel 10.9.x - XSS in cPanel Pro


DESCRIPTION

A forgotten XSS issue was found in one of the scripts included with cPanel Pro:

https://example.com:2083/frontend/x3/cpanelpro/


The script was possibly one of the following:

bluelagoon.html
changestatus.html
convert.html
doconvert.html
doscale.html
dothumbdir.html
editlists.html
editmsgs.html
filelist-convert.html
filelist-scale.html
filelist-thumbs.html
forwardlist.html
ignorelist.html
images.html
manage.html
msgaction.html
saveconf.html
savefile.html
scale.html
submitsupport.html
support.html
thumbdir.html
whitelist.html


IMPACT

A local cPanel user with javascript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and be used to log into that user's cPanel account. Cookie based auth is not enabled by default.


WebhostSecurity.com © 2009 - 2020