Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Adminware, Control Panels :: bx3119.htm

Cpanel 11 - XSS and CSRF vulns



XSS and CSRF vulnerability on Cpanel 11
XSS and CSRF vulnerability on Cpanel 11



1. DESCRIPTION OF THE SOFTWARE

cPanel is a hosting automation tool.
WHM interface provides access to the heart of the cPanel and WHM package
and allows a Server Administrator to simply configure a few options and
be on their way to hosting web sites.

2. DESCRIPTION OF THE VULNERABILITY

There are XSS (identified by CVE-2008-2070) and CSRF (identified by
CVE-2008-2071) vulnerabilities on cPanel software.

On WHM there is a simple pattern for XSS defense, but this function
is not well implemented so it's possible to bypass it using a simple
cheat. This is a simple proof of concept:

>><<<<<<<<<<<

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH