Bugtraq mailing list archives
cPanel 10 handle.html XSS Vulnerability
From: shell () dotshell net
Date: 5 Feb 2006 15:28:16 -0000
mime/handle.html (usually https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected html into the extension and/or mime-type specified. I sucesfully leveraged this issue causing the page to execute the code <script>alert('hi')</script> each time. I also got it to properly display an image with the img-src tag. This is semipermanent because it stays on the page after the URL is left.
Current thread:
- cPanel 10 handle.html XSS Vulnerability shell (Feb 06)