
cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

cPanel is a popular, fully featured, Unix-based web hosting control panel that lets webmasters manage their domains through a web browser. The latest version of cPanel & WHM is 11.34, which is vulnerable to multiple cross-site scripting (XSS) issues.

During my bug hunting process, today I (Christy Philip Mathew) discovered some serious XSS vulnerabilities in the official cPanel and WHM. They also impact the latest version of the software.

This week, Rafay Baloch (a Pakistani white hat hacker) also discovered another reflected cross-site scripting vulnerability in cPanel at manage.html.

The interesting part is that I did the whole demonstration with the official cPanel demo located at http://cpanel.net/demo/, which can be accessed with the demo user and password provided by the cPanel website itself, i.e. http://demo.cpanel.net:2086/login/?user=demo&pass=demo

These vulnerabilities affect logged-in users. Proof of concept and screenshots are shown below:

Cross-Site Scripting in Official WHM
  1. Log in to WHM via: http://demo.cpanel.net:2086/login/?user=demo&pass=demo
  2. In the left panel, click 'Server Configuration' and then 'Basic cPanel & WHM Setup'. The new page asks the user to fill in four nameserver values for the domain.
  3. Enter a JavaScript alert in any of these four text boxes, as shown below, and submit.




Cross-Site Scripting in Official cPanel
  1. Access the official cPanel demo at http://x3demob.cpx3demo.com:2082/login/?user=x3demob&pass=x3demob
  2. Once logged in, access Bandwidth Transfer Detail (detailbw.html) and inject JavaScript in the "domain" parameter, or one can access this URL.



Cross-Site Scripting in WebMail Server
  1. In a similar way, access the demo Webmail via the URL: http://x3demob.cpx3demo.com:2082/xferwebmail/
  2. Once logged in, the XSS-vulnerable URL is: Click Here
  3. Here, on the page clientconf.html, the "acct" parameter is not filtered properly, as shown.



More Details

  • Product: cPanel & WHM
  • Security-Risk: High
  • Remote-Exploit: yes
  • Vendor-URL: http://www.cpanel.net
  • Affected Products: cPanel's Latest Version
  • Solution: Proper input sanitisation.
  • Discovered by: Christy Philip Mathew, Security researcher @ The Hacker News
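
The "proper input sanitisation" fix listed above, as an added example (not cPanel's code and not from the original article): an allow-list check for fields that must hold a DNS name, such as the WHM nameserver boxes and the `domain` parameter, combined with HTML output encoding. The handler and function names are hypothetical, and the sample inputs in the comments are constructed.

```python
import html
import re

# One DNS label (RFC 1123): ASCII letters, digits and hyphens,
# 1-63 characters, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value):
    """Allow-list validation for nameserver / domain fields."""
    if not value or len(value) > 253:
        return False
    if value.endswith("."):          # tolerate one trailing root dot
        value = value[:-1]
    labels = value.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def render_domain_cell(domain):
    """Output encoding for the HTML element context the value lands in."""
    return '<td class="domain">{}</td>'.format(html.escape(domain, quote=True))


def handle_request(params):
    """Hypothetical handler for a page that reflects a 'domain' parameter.

    Returns (status, body). Invalid input is rejected, and even the error
    message escapes the value so the rejection path cannot reflect markup.
    """
    domain = params.get("domain", "")
    if not is_valid_hostname(domain):
        body = "<p>Invalid domain: {}</p>".format(html.escape(domain, quote=True))
        return 400, body
    return 200, render_domain_cell(domain)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate value, one carrying markup.
    for sample in ("ns1.example.com", "<script>alert(1)</script>"):
        print(sample, "->", handle_request({"domain": sample}))
```

Validation alone is not enough for free-text fields such as the webmail `acct` parameter; there the encoding step on output is what prevents the value from being interpreted as markup.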
Mohit Kumar - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

