CPanel Multiple Cross Site Scription

2006.11.15

Credit: Aria-security Team

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-5883

CWE: CWE-Other

CVSS Base Score: 3.5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 6.8/10

Exploit range: Remote

Attack complexity: Medium

Authentication: Single time

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory : http://aria-security.net/advisory/cpanel.txt
#-----------------------------------------------------------
#Software: CPanel
#Tested On CPanel 10
#CPanel file Manager:
#PoC:
     http://target.com:2082/frontend/[Servername]/files/seldir.html?dir=[XSS]

#CPanel Password Protect DIRS :
#PoC: 
	http://target.com:2082/frontend/[servername]/htaccess/newuser.html?user=
[XSS]&pass=&dir=A VALID FOLDER 
*Press Go Back (hyperlink)
#In Password Protected DIR:
#PoC:
	http://www.target:2082/frontend/[servername]/htaccess/newuser.html?user=
[XSS]&pass=&dir=[XSS]
#
#P.S : Attacker must be authenticated
#
#Contact: Advisory (at) aria-security (dot) net [email concealed]

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

CPanel Multiple Cross Site Scription

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

CPanel Multiple Cross Site Scription

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.