cPanel is a Unix based fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of cPanel & WHM is 11.34, which is vulnerable to multiple cross site scripting.
This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflective cross site scripting vulnerability in cPanel at manage.html.
The interesting part would be the whole demonstration I done with the Official cPanel Demo located athttp://cpanel.net/demo/ location, can be accessed via demo user & password provided by cPanel website itself i.e. http://demo.cpanel.net:2086/login/?user=demo&pass=demo
These vulnerabilities actually affect the logged in users. Proof of Concept and screenshots are as shown below:
Cross Site scripting in Official WHM
- Login to WHM via : http://demo.cpanel.net:2086/login/?user=demo&pass=demo
- In left panel, click 'Server Configuration' and then 'Basic cPanel & WHM Setup' and new page will ask user to fill 4 Nameservers values regarding domain.
Cross Site scripting in Official cPanel
- Access the Official Cpanel Demo at http://x3demob.cpx3demo.com:2082/login/?user=x3demob&pass=x3demob
Cross Site scripting in WebMail server
- Similar way, access demo Webmail via URL : http://x3demob.cpx3demo.com:2082/xferwebmail/
- Once logged in XSS Vulnerable URL is : Click Here
- Here on page clientconf.html , the parameter "acct" is not filtered properly , as shown