来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] CPanel Non Persistent XSSDetails=============Product: CpanelSecurity-Risk: HighRemote-Exploit: yesVendor-URL: http://www.cpanel.netAdvisory-Status: NotPublishedCredits=============Discover......
CPanel Non Persistent XSS
Details
=============
Product: Cpanel
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: http://www.cpanel.net
Advisory-Status: NotPublished
Credits
=============
Discovered by: Rafay Baloch of RafayHackingArticles(RHA)
影响产品:
=============
Cpanel's Latest Version
Description
=============
"Simploo website management."
More Details
=============
I have discsovered a non persistent Cross site scripting (XSS) inside
Cpanel,
the vulnerability can be easily exploited and can be used to steal cookies,
perform
phishing attacks and other various attacks compromising the security of a
user.
证明
=============
Log into your CPanel accoutn and navigate to the following link:
https://localhost/frontend/x3/mail/manage.html?account=
Now insert your xss payload inside account parameter.
Exploit
=============
https://www.2cto.com /frontend/x3/mail/manage.html?account=%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSBYRAFAY/%29;%3E
修复方案
=============
Edit the source code to ensure that input is properly sanitised.
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com