|
1. DESCRIPTION OF THE SOFTWARE
cPanel is a hosting automation tool.
WHM interface provides access to the heart of the cPanel and WHM package
and allows a Server Administrator to simply configure a few options and
be on their way to hosting web sites.
2. DESCRIPTION OF THE VULNERABILITY
There are XSS (identified by CVE-2008-2070) and CSRF (identified by
CVE-2008-2071) vulnerabilities on cPanel software.
On WHM there is a simple pattern for XSS defense, but this function
is not well implemented so it's possible to bypass it using a simple
cheat. This is a simple proof of concept:
>><<<<<<<<<<<