
cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

cPanel is a popular, fully featured, Unix-based web hosting control panel that lets webmasters manage their domains through a web browser. The latest version of cPanel & WHM is 11.34, which is vulnerable to multiple cross-site scripting (XSS) issues.

During my bug hunting process, today I (Christy Philip Mathew) discovered some serious XSS vulnerabilities in the official cPanel and WHM. They also impact the latest version of the software.

This week, Rafay Baloch (a Pakistani white hat hacker) also discovered another reflected cross-site scripting vulnerability in cPanel, at manage.html.

The interesting part is that I did the whole demonstration on the official cPanel demo located at http://cpanel.net/demo/, which can be accessed with the demo user and password provided by the cPanel website itself, i.e. http://demo.cpanel.net:2086/login/?user=demo&pass=demo

These vulnerabilities affect logged-in users. Proof of concept and screenshots are shown below:

Cross Site scripting in Official WHM
  1. Log in to WHM via: http://demo.cpanel.net:2086/login/?user=demo&pass=demo
  2. In the left panel, click 'Server Configuration' and then 'Basic cPanel & WHM Setup'; the new page asks the user to fill in 4 nameserver values for the domain.
  3. Enter alert JavaScript in any of these four text boxes, as shown below, and submit.




Cross Site scripting in Official cPanel
  1. Access the official cPanel demo at http://x3demob.cpx3demo.com:2082/login/?user=x3demob&pass=x3demob
  2. Once logged in, access Bandwidth Transfer Detail (detailbw.html) and inject JavaScript in the parameter "domain", or one can access this URL.



Cross Site scripting in WebMail server
  1. In a similar way, access the demo Webmail via the URL: http://x3demob.cpx3demo.com:2082/xferwebmail/
  2. Once logged in, the XSS-vulnerable URL is: Click Here
  3. Here, on the page clientconf.html, the parameter "acct" is not filtered properly, as shown



More Details

  • Product: cPanel & WHM
  • Security-Risk: High
  • Remote-Exploit: yes
  • Vendor-URL: http://www.cpanel.net
  • Affected Products: cPanel's Latest Version
  • Solution: Proper input sanitisation.
  • Discovered by: Christy Philip Mathew, Security researcher @ The Hacker News
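
The "proper input sanitisation" named under Solution, sketched as an added example (not cPanel's code and not part of the original article): fields that should hold only a host name, such as the nameserver boxes and the "domain" parameter, are checked against an allowlist, and anything echoed back into the page is HTML-encoded. The function names, the field name `nameserver` and the sample input are assumptions constructed for illustration.

```python
import html
import re

# One RFC 1123 host name label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample of the kind of value the article says was accepted.
SAMPLE_INPUT = '"><script>alert(1)</script>'


def is_valid_hostname(value):
    """Allowlist check for fields that should only ever contain a host name."""
    if not value or len(value) > 253:
        return False
    if value.endswith("."):          # tolerate one trailing root dot
        value = value[:-1]
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def render_field_unsafe(name, value):
    """The flawed pattern: the submitted value is echoed into the page as-is."""
    return f'<input type="text" name="{name}" value="{value}">'


def render_field_safe(name, value):
    """Encode on output so the value cannot break out of the attribute."""
    return (f'<input type="text" name="{html.escape(name, quote=True)}" '
            f'value="{html.escape(value, quote=True)}">')


def handle_nameserver(name, submitted):
    """Validate on input, and still encode whatever is rendered back."""
    ok = is_valid_hostname(submitted)
    shown = submitted if ok else ""   # rejected input is not reflected at all
    return ok, render_field_safe(name, shown)


if __name__ == "__main__":
    print(render_field_unsafe("nameserver", SAMPLE_INPUT))  # markup survives
    print(render_field_safe("nameserver", SAMPLE_INPUT))    # markup is inert text
    print(handle_nameserver("nameserver", "ns1.example.com"))
    print(handle_nameserver("nameserver", SAMPLE_INPUT))
```

Validation alone is not sufficient for free-text fields, which is why the encoding step is applied on every output path regardless of the validation result.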
Mohit Kumar - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.
