C-Panel Cross Site Scripting - 网站安全 - 自学php

CPanel Non Persistent XSS

 

Details

=============

Product: Cpanel

Security-Risk: High

Remote-Exploit: yes

Vendor-URL: http://www.cpanel.net

Advisory-Status: NotPublished

 

Credits

=============

Discovered by: Rafay Baloch of RafayHackingArticles(RHA)

 

影响产品:

=============

Cpanel's Latest Version

 

Description

=============

"Simploo website management."

 

More Details

=============

I have discsovered a non persistent Cross site scripting (XSS) inside

Cpanel,

the vulnerability can be easily exploited and can be used to steal cookies,

perform

phishing attacks and other various attacks compromising the security of a

user.

 

证明

=============

Log into your CPanel accoutn and navigate to the following link:

 

https://localhost/frontend/x3/mail/manage. html ?account=

 

Now insert your xss payload inside account parameter.

 

Exploit

=============

 

https://www.2cto.com /frontend/x3/mail/manage.html?account=%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSBYRAFAY/%29;%3E

 

修复方案

=============

Edit the source code to ensure that input is properly sanitised. 

查看更多关于C-Panel Cross Site Scripting - 网站安全 - 自学php的详细内容...