cPanel and WHM Multiple Cross Site Scripting Vulnerabilities


cPanel is a popular, fully featured, Unix-based web hosting control panel that lets webmasters manage their domains through a web browser. The latest version of cPanel & WHM is 11.34, which is vulnerable to multiple cross-site scripting issues.

During my bug hunting process, today I (Christy Philip Mathew) discovered some serious XSS vulnerabilities in the official cPanel and WHM. They also impact the latest version of the software.
This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflected cross-site scripting vulnerability in cPanel at manage.html.
The interesting part is that I did the whole demonstration with the official cPanel demo located at http://cpanel.net/demo/, which can be accessed via the demo user and password provided by the cPanel website itself, i.e. http://demo.cpanel.net:2086/login/?user=demo&pass=demo
These vulnerabilities actually affect logged-in users. Proof of concept and screenshots are shown below:
Cross Site scripting in Official WHM
  1. Login to WHM via : http://demo.cpanel.net:2086/login/?user=demo&pass=demo
  2. In the left panel, click ‘Server Configuration’ and then ‘Basic cPanel & WHM Setup’; the new page asks the user to fill in four nameserver values for the domain.
  3. Enter alert JavaScript in any of these four text boxes, as shown below, and submit.
Cross Site scripting in Official cPanel
  1. Access the official cPanel demo at http://x3demob.cpx3demo.com:2082/login/?user=x3demob&pass=x3demob
  2. Once logged in, access Bandwidth Transfer Detail (detailbw.html) and inject JavaScript in the parameter “domain”, or one can access this URL.
Cross Site scripting in WebMail server
  1. In a similar way, access the demo Webmail via URL: http://x3demob.cpx3demo.com:2082/xferwebmail/
  2. Once logged in, the XSS-vulnerable URL is: Click Here
  3. Here on page clientconf.html, the parameter “acct” is not filtered properly, as shown.
More Details
  • Product: cPanel & WHM
  • Security-Risk: High
  • Remote-Exploit: yes
  • Vendor-URL: http://www.cpanel.net
  • Affected Products: cPanel’s Latest Version
  • Solution: Proper input sanitisation.
  • Discovered by: Christy Philip Mathew
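
The "Proper input sanitisation" fix named above, sketched as an added example (not cPanel's code and not the author's): validate each field against an allow-list on input and HTML-encode it wherever it is written back into a page. The function names, the regular expressions and the assumption that “domain” and the nameserver boxes hold DNS hostnames while “acct” holds a mailbox address are illustrative.

```python
import html
import re

# Hypothetical allow-lists for the fields the post names: the four WHM
# nameserver boxes and the "domain" parameter are assumed to take a DNS
# hostname, the webmail "acct" parameter a mailbox address.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")
ACCOUNT_RE = re.compile(rf"[A-Za-z0-9._+-]{{1,64}}@{_LABEL}(?:\.{_LABEL})+")


def is_valid_hostname(value):
    """Accept only dotted DNS names of at most 253 characters."""
    return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def is_valid_account(value):
    """Accept only local-part@hostname mailbox names."""
    return len(value) <= 320 and ACCOUNT_RE.fullmatch(value) is not None


def render_value(value):
    """Encode a value for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)


def handle_field(value, validator):
    """Validate on input and encode on output. A rejected value is still
    escaped, so an error page that echoes it cannot reflect markup."""
    return validator(value), render_value(value)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the post.
    samples = [
        ("ns1.example.com", is_valid_hostname),
        ('"><script>alert(1)</script>', is_valid_hostname),
        ("user@example.com", is_valid_account),
        ("user@example.com<img src=x>", is_valid_account),
    ]
    for raw, validator in samples:
        ok, safe = handle_field(raw, validator)
        print(f"{'accept' if ok else 'reject'}: {safe}")
```

Validation alone is not enough for fields that legitimately allow free text; the output encoding is what keeps a stored or reflected value from being parsed as markup.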
Comments
3 Responses to “cPanel and WHM Multiple Cross Site Scripting Vulnerabilities”
  1. Andrew Pelt says:

    I simply want to tell you that I am just new to weblog and honestly enjoyed this blog. More than likely I’m planning to bookmark your site. You definitely have impressive posts. Regards for sharing with us your web page.

  2. Emmett Adrien says:

    I just want to say I am new to blogging and honestly enjoyed your web page. Very likely I’m likely to bookmark your blog. You actually come with tremendous articles. Appreciate it for sharing your web page.

  3. Hey there! I know this is sort of off-topic but I had to ask. Does building a well-established website like yours require a lot of work? I am brand new to blogging but I do write in my journal every day. I’d like to start a blog so I can share my personal experience and views online. Please let me know if you have any kind of ideas or tips for new aspiring blog owners. Thank you!
