WebhostSecurity.com
ARTICLES
› Lessons Learned - Defense
› Lessons Learned - Offense
› Finding Bugs 1 - Softaculous
› Finding Bugs 2 - cPanel + Horde
› uid/gid Reuse Multi Vendor Issue
› Finding the WordPress 2.1.1 Backdoor
› Discovering Cdorked.A on cPanel
OFFENSE
› AtMail
› BFD
› cPanel
› CSF
› DirectAdmin
› Installatron
› Juniper
› Kloxo
› OSSEC
› Softaculous
› WHMEZLogin
› WHMReseller
DEFENSE
› STFN - Suspicious /tmp File Notifier
› ELM - Exim Log Monitor
› RFID - Remote File Inclusion Detector
› Twitter


cPanel 11.23.1-EDGE_24773 - XSS in /download


DESCRIPTION

XSS in cPanel:

https://example.com:2083/download<XSS>


IMPACT

A local cPanel user with javascript enabled in their web browser could potentially be tricked into issuing a request to cPanel. Also, if cookie auth for cPanel/WHM is enabled (skiphttpauth=1 in /var/cpanel/cpanel.config), that user's cookie could potentially be stolen and be used to log into that user's cPanel account. cookie auth is not enabled by default.


WebhostSecurity.com © 2009 - 2017