cPanel (UNKNOWN VERSION) - XSS in /scripts2/getssldata



DESCRIPTION


Resellers could create SSL certificates that contained JavaScript in various fields. If root attempted to view the certificate via WHM, and if root had JavaScript enabled in their browser, XSS would have been possible.

[user@host ~]$ openssl x509 -in example.com.crt -noout -subject
subject=/C=GB/ST=<JAVASCRIPT>/L=<JAVASCRIPT>/O=<JAVASCRIPT>/OU=<JAVASCRIPT>/CN=example.com/emailAddress=<JAVASCRIPT>
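
A defensive check for the case above, as an added example (not cPanel's code and not part of the original advisory): it parses the legacy one-line subject format shown here, flags fields that carry HTML metacharacters, and escapes every value before it is placed in a page. The function names and the sample value are assumptions made for illustration.

```python
import html
import re

# Attribute names taken from the subject line shown in the advisory.
ATTRS = ("C", "ST", "L", "O", "OU", "CN", "emailAddress")
# Split only on "/<known attribute>=" so a "/" inside a value (for
# example in a closing tag) does not cut the value short. A value that
# itself contains "/O=" stays ambiguous in this legacy format.
SPLIT = re.compile(r"/(%s)=" % "|".join(ATTRS))
MARKUP = re.compile(r"[<>\"'&]")  # characters with meaning in HTML


def parse_subject(line):
    """Return [(name, value), ...] from `openssl x509 -subject` output."""
    line = line.strip()
    if line.startswith("subject="):
        line = line[len("subject="):].lstrip()
    parts = SPLIT.split(line)  # ['', name1, value1, name2, value2, ...]
    return list(zip(parts[1::2], parts[2::2]))


def suspicious_fields(pairs):
    """Names of fields whose values contain HTML metacharacters."""
    return [name for name, value in pairs if MARKUP.search(value)]


def render_rows(pairs):
    """Build table rows with every certificate value HTML-escaped."""
    return "\n".join(
        "<tr><th>%s</th><td>%s</td></tr>"
        % (html.escape(name), html.escape(value, quote=True))
        for name, value in pairs
    )


# Constructed sample: the advisory's subject line, with one placeholder
# replaced by a harmless tag so that a value contains "/".
SAMPLE = ("subject=/C=GB/ST=<script>alert(1)</script>/L=<JAVASCRIPT>"
          "/O=<JAVASCRIPT>/OU=<JAVASCRIPT>/CN=example.com"
          "/emailAddress=<JAVASCRIPT>")

if __name__ == "__main__":
    fields = parse_subject(SAMPLE)
    print("fields with markup:", suspicious_fields(fields))
    print(render_rows(fields))
```

Escaping at output is the control that matters; the field scan is only useful for auditing certificates that are already stored.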



IMPACT


Resellers could potentially cause requests to be issued to WHM by root. This includes changing the root password of the server and changing the resolvers in /etc/resolv.conf.