Old 08-22-2006, 07:53 AM   #1
ScannerX
Registered User
 
Join Date: Feb 2006
Posts: 73
New vulnerabilities in cPanel

New vulnerabilities in cPanel which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "dir" parameter in dohtaccess.html and to the "file" parameter in editit.html and showfile.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Examples:
http://[host]:2082/frontend/x/ht...cess.html?dir=[code]
http://[host]:2082/frontend/x/files/editit.html?dir=/&file=[code]
http://[host]:2082/frontend/x/files/showfile.html?dir=/&file=[code]
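A detection-and-fix sketch for the issue described in the post above, added here as an example and not part of the thread or of cPanel's code: it scans web-server access log lines for requests that put HTML markup into the three parameters named in the advisory, and shows the output encoding that was missing. It assumes an Apache-style access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qs

# Page -> parameter the advisory names as reflected without sanitisation.
WATCHED = {
    "dohtaccess.html": "dir",
    "editit.html": "file",
    "showfile.html": "file",
}
# Characters that can break out of HTML text or attribute context.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of an Apache-style log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (page, param, decoded_value) for requests carrying markup in a watched parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        page = url.path.rsplit("/", 1)[-1]   # match on file name only
        param = WATCHED.get(page)
        if param is None:
            continue
        # parse_qs percent-decodes, so %3C and a literal < are treated alike.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if MARKUP.search(value):
                hits.append((page, param, value))
    return hits

def render_safe(value):
    """The missing step: HTML-encode a parameter before writing it back into the page."""
    return escape(value, quote=True)

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Aug/2006:08:01:12 -0500] "GET /frontend/x/files/editit.html?dir=/&file=index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Aug/2006:08:02:40 -0500] "GET /frontend/x/files/showfile.html?dir=/&file=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 901',
    '203.0.113.9 - - [22/Aug/2006:08:03:02 -0500] "GET /frontend/x/index.html?file=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for page, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{page}: {param}={value!r} -> encoded as {render_safe(value)}")
```
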
Old 08-22-2006, 08:34 AM   #2
Lycanthrope
Confirmed User
 
 
Industry Role:
Join Date: Jan 2004
Location: Wisconsin
Posts: 4,517
cPanel is the Windows of control panels
Old 08-22-2006, 08:35 AM   #3
ladida
Confirmed User
 
 
Join Date: Nov 2005
Posts: 2,172
Welcome to several months ago
__________________
agentGFY *at* gmail.com
Old 02-04-2007, 12:42 PM   #4
Ange
Registered User
 
Join Date: Jan 2006
Posts: 44
thanks for the info
Old 02-04-2007, 02:10 PM   #5
Fap
Just Du It
 
 
Industry Role:
Join Date: Feb 2004
Posts: 12,094
good find, thanks for info