CentOS Web Panel 0.9.8.789 Cross Site Scripting

2019.03.31
Credit: DKM
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability # Google Dork: N/A # Date: 28 - March - 2019 # Exploit Author: DKM # Vendor Homepage: http://centos-webpanel.com # Software Link: http://centos-webpanel.com # Version: 0.9.8.789 # Tested on: CentOS 7 # CVE : CVE-2019-10261 # Description: CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via "DNS Functions" for "Edit Nameservers IPs" action. This is because the application does not properly sanitize the users input. # Steps to Reproduce: 1. Login into the CentOS Web Panel using admin credential. 2. From Navigation Click on "DNS Functions" -> then Click on "Edit Nameservers IPs" 3. In "Name Server 1" and "Name Server 2" field give simple payload as: <script>alert(1)</script> and Click Save Changes 4. Now one can see that the XSS Payload executed and even accessing the home page Stored XSS for nameservers executes.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top