GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Heads up! - Exensive cPanel Cross Site Scripting (https://gfy.com/showthread.php?t=261325)

erehwon 03-30-2004 02:41 AM
Heads up! - Exensive cPanel Cross Site Scripting
 
Just in case you missed this...

http://archives.neohapsis.com/archiv...4-q1/0069.html


cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting (XSS) in almost every
field which is returned to the browser. This could allow a user to create a
specially crafted URL that would execute arbitrary code in a user's browser
within the trust relationship between the browser and the server, leading to a
loss of integrity.

cPanel supports filtering of HTML and scripts in input variables, but according
to cPanel was not enabled in order to support third-party themes. In the
interest of properly securing cPanel, the developers have decided to enable
HTML filtering as of the first release in the April 1, 2004 EDGE release.

Systems Affected:
cPanel 9.1.0-R85

Technical Description:
Multiple variables in multiple cPanel programs do not filter user supplied
input. This could allow an attacker to perform Cross Site Scripting (XSS)
attacks against users of the cPanel system.


To check cPanel for CSS, simply access the following example URLs in a browser:

[...]

I can't get things to play nice here, best to check out the above URL for the complete skinny.

One more site for the bookmarks file
Open Source Vulnerability Database
http://www.osvdb.org :thumbsup

The Sex Pusher 03-30-2004 03:12 PM
:thumbsup

Im not sure why anyone would release a product on april 1st


All times are GMT -7. The time now is 07:59 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123