cPanel

Scott

Hi,

I'm pretty sure I've found an XSS vuln. but I need to test on a few more servers. I have tested on my own, and 2 mates. All it does in my test is execute a javascript alert, so no harm would be done (though it could be given the right coding).

I'm not preparing to give out the exploit here openly on the forums, so if anyone (I doubt anyone will, but I promise you 100% it won't cause any problems) would like to create a tiny account for me to test on, then close it, please PM me the information.

Thanks in advance. You have my word everything will be fine.

For now though, I'm going to bed. I'll be back in under 24 hours to *hope* for some PMs to test.

Thanks again!!

Scott. :)
 
The views expressed on this page by users and staff are their own, not those of NamePros.
Sounds like risky business, what's an XSS vuln??
 
Best bet would be to report it to cPanel themselves and let them investigate it.
 
Yep, you should report it to cPanel.
 
Report it to cpanel.net if it works, do not post the code to the public.
 
There are several XSS vulns in cPanel and they have been there for a while. cPanel have been notified but don't seem to care, as several older versions as well as the new ones contain the same vuln.

To Jroy: XSS is cross-site scripting. It allows you to give a URL that will execute code between the user and the server, such as JavaScript. The URL contains the JavaScript code and the server will execute it. It can be used for everything from account hijacking, changing of user settings, cookie theft, poisoning, false advertising; the list goes on. With a bit of creative imagination you can do quite a bit of damage with XSS.

-=BP=-
 
ProPanel is much better (I designed the site btw)

www.propanelsystems.com

Demo is out. Program/Service released very soon.
 
Originally posted by Artico
ProPanel is much better (I designed the site btw)

www.propanelsystems.com

Demo is out. Program/Service released very soon.

Nice site design! How does this differ from cpanel?
 