Home / os / solaris

cpanel10-xss.txt

Posted on 14 November 2006

#Aria-Security Team Advisory #<www.Aria-security.Com For English > #<www.Aria-Security.net For Persian > #Original Advisory : http://aria-security.net/advisory/cpanel.txt #----------------------------------------------------------- #Software: CPanel #Tested On CPanel 10 #CPanel file Manager: #PoC: http://target.com:2082/frontend/[Servername]/files/seldir.html?dir=[XSS] #CPanel Password Protect DIRS : #PoC: http://target.com:2082/frontend/[servername]/htaccess/newuser.html?user=[XSS]&pass=&dir=A VALID FOLDER *Press Go Back (hyperlink) #In Password Protected DIR: #PoC: http://www.target:2082/frontend/[servername]/htaccess/newuser.html?user=[XSS]&pass=&dir=[XSS] # #P.S : Attacker must be authenticated # #Contact: Advisory@aria-security.net

 

TOP