SecurityTracker.com
Category:   Application (Generic)  >   cPanel
Vendors:   cPanel, Inc.
cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015157
SecurityTracker URL:  http://securitytracker.com/id/1015157
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 5 2005
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Tested on 10.2.0-R82 and 10.6.0-R137
Description:   A vulnerability was reported in cPanel. A remote user can conduct cross-site scripting attacks.

The Entropy Chat script does not properly filter HTML code from user-supplied input in the chat message field. A remote user can send a specially crafted message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the cPanel software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit value is provided:

<b style="width:expression([code])">text</b>

The vendor was notified on October 14, 2005.

Andreas Sandblad of Secunia Research discovered this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the cPanel software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cpanel.net/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability

======================================================================

                     Secunia Research 04/11/2005

         - cPanel Entropy Chat Script Insertion Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

cPanel 10.2.0-R82 and 10.6.0-R137

Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Cross-site scripting
Where:  Remote

======================================================================
3) Vendor's Description of Software

cPanel & WebHost Manager (WHM) is a next generation web hosting 
control panel system. Both cPanel & WHM are extremely feature rich as 
well as include an easy to use web based interface (GUI).

Product link:
http://www.cpanel.net/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in cPanel, which can 
be exploited by malicious people to conduct script insertion attacks.

Input passed to the chat message field in the pre-installed 
Entropy Chat script isn't properly sanitised before being used. This 
can be exploited to inject arbitrary script code, which will be 
executed in a user's browser session in context of an affected site 
when the malicious user data is viewed with the 
Microsoft Internet Explorer browser.

Example:
Send message <b style="width:expression([code])">text</b> 
via http://[host]:2084/

The vulnerability has been confirmed in versions 10.2.0-R82 and 
10.6.0-R137. Other versions may also be affected.

======================================================================
5) Solution

Edit the source code to ensure that input is properly sanitised.

======================================================================
6) Time Table

10/10/2005 - Vulnerability discovered.
14/10/2005 - Vendor notified.
04/11/2005 - Public disclosure.

======================================================================
7) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-56/advisory/

======================================================================
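
The following is an added example, not part of the advisory and not cPanel's code. It shows why a tag blacklist leaves the advisory's demonstration value intact while encoding on output neutralises it, and adds a triage check for chat messages stored before a fix. The function names, the blacklist filter and the sample message list are assumptions made for illustration.

```python
import html
import re

# Demonstration value quoted in the advisory; "[code]" is its own placeholder.
ADVISORY_SAMPLE = '<b style="width:expression([code])">text</b>'

# Hypothetical blacklist filter, shown for contrast: removes only <script> tags.
_SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b[^>]*>", re.IGNORECASE)


def weak_filter(message: str) -> str:
    """Strip <script> tags only; attribute-based markup passes through."""
    return _SCRIPT_TAG.sub("", message)


def render_message(nick: str, message: str) -> str:
    """Build the chat line, encoding every user-controlled value on output."""
    return '<p><span class="nick">{}</span>: {}</p>'.format(
        html.escape(nick, quote=True), html.escape(message, quote=True))


# Triage heuristic for messages stored before the fix: a style attribute
# whose value contains "expression(". It supports log review only; the
# fix itself is the output encoding in render_message().
_STYLE_EXPRESSION = re.compile(
    r"""\bstyle\s*=\s*["']?[^"'>]*expression\s*\(""", re.IGNORECASE)


def flag_stored_messages(messages):
    """Return the indexes of stored messages that match the heuristic."""
    return [i for i, m in enumerate(messages) if _STYLE_EXPRESSION.search(m)]


if __name__ == "__main__":
    # Constructed sample of stored chat messages.
    stored = ["hello", ADVISORY_SAMPLE, "css expression( talk"]
    print("blacklist output:", weak_filter(ADVISORY_SAMPLE))
    print("encoded output:  ", render_message("guest", ADVISORY_SAMPLE))
    print("flagged indexes: ", flag_stored_messages(stored))
```
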



 
 

