#####################################################
##
## << Multiple cross site script >>
##
## C P A N E L 1 0
##
## Preth00nker [at] gmail [dot] com
## BY PRETH00NKER
## http://mexhackteam.org
##
## special dedication for my friends of:
## <>
##
##
######################################################

[ introduction ]

Preth00nker discovered some new vulnerabilities in cPanel 10.
Cite: cPanel allows domain owners to manage and monitor their web site.
This easy to use interface is packed full of useful features. Inside
cPanel, domain owners can control their web site to a degree which was
never before possible. cPanel gives domain owners a flexibility beyond
that of the competition.
Refer: http://www.cpanel.net/products/cPanelandWHM/linux/cpanelov.htm


[ Explanations: ]

Exploit #1: http://[Target:port]/frontend/x/htaccess/dohtaccess.html?dir=>[Your Code here]
Condition's labels: just a ! > ! before the script.
In the first case, the error is in the handling of the $dir variable
inside the 'dohtaccess.html' file: when the application can't find the
folder that you requested, the script
prints the following code in the checkbox:

//------------ Start -------------------
[Your">http://[Target:port]/frontend/x/files/editit.html?dir=/&file=">[Your Code here]
Condition's labels: just a ! "> ! before the script.
Every time, the script prints something like this:

//------------ Start -------------------
Save file as:
\\------------- EOF --------------------

In this case too, we can see that the $file variable inside the
'editit.html' file is not filtered securely: an attacker only
needs to close the textarea in order to insert
a script into the page.
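
For defenders, a log check for the request paths and parameters named in this advisory. This is an added example, not code from the advisory's author or from cPanel. It assumes a combined-log-style access log; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Page -> parameter the advisory reports as echoed unfiltered (theme "x").
WATCHED = {
    "/frontend/x/htaccess/dohtaccess.html": "dir",
    "/frontend/x/files/editit.html": "file",
    "/frontend/x/files/showfile.html": "file",
}
MARKUP = set('<>"')  # characters needed to leave an attribute or textarea
# Assumption: combined-log-style line, client first, request in quotes.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def flagged_value(target):
    """Return (path, param, decoded value) if a watched param holds markup."""
    try:
        parts = urlsplit(target.replace('\\"', '"'))  # undo log escaping of "
    except ValueError:
        return None
    param = WATCHED.get(parts.path)
    if param is None:
        return None
    # parse_qsl percent-decodes once, so %3E and %22 are seen as > and ".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == param and MARKUP & set(value):
            return parts.path, name, value
    return None

def scan(lines):
    """Return [(client, path, param, value)] for matching log lines."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        hit = flagged_value(m.group(2)) if m else None
        if hit:
            hits.append((m.group(1), *hit))
    return hits

# Constructed sample lines (not taken from any real server).
SAMPLE = [
    '192.0.2.10 - u [01/Jan/2006:10:00:00 +0000] "GET /frontend/x/htaccess/dohtaccess.html?dir=%3E%3Cb%3Et%3C/b%3E HTTP/1.1" 200 512',
    '192.0.2.11 - u [01/Jan/2006:10:00:05 +0000] "GET /frontend/x/files/editit.html?dir=/&file=%22%3E%3Cb%3Et%3C/b%3E HTTP/1.1" 200 734',
    '192.0.2.12 - u [01/Jan/2006:10:00:09 +0000] "GET /frontend/x/files/showfile.html?dir=/public_html&file=index.html HTTP/1.1" 200 901',
    '192.0.2.13 - u [01/Jan/2006:10:00:12 +0000] "GET /frontend/x/index.html?file=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only the first two sample lines are reported; double-encoded values (such as %253E) are not decoded by this check.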



Exploit #3: http://[Target:port]/frontend/x/files/showfile.html?dir=/&file=[Your Code here]
Condition's labels: without !