cPanel Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

Vulnerability ID: 1115161    Vulnerability type: Cross-site scripting
Published: 2008-05-09    Updated: 2009-01-29
CVE ID: CVE-2008-2070    CNNVD-ID: CNNVD-200805-094
Affected platform: PHP    CVSS score: 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/31772
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200805-094
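|Vulnerability Details
cPanel is a web-based tool for automating the control of websites and servers. cPanel's WHM interface lets users manage and access the core of the cPanel and WHM packages. This interface does not properly protect against cross-site scripting and cross-site request forgery attacks, allowing a remote attacker to execute arbitrary code on the server by submitting malicious requests.

All functions that handle user input are vulnerable to cross-site scripting. The following is a partial list of the vulnerable functions:

* KnowlegeBase (/scripts2/knowlegebase?issue=[INJECTION]&domain=)
* ChangeIptodomain (/scripts2/changeip?domain=any&user=[INJECTION])
* Listuseraccount (/scripts2/listaccts?searchtype=domain&search=[INJECTION]&acctp=30)

All functions that perform an operation over HTTP (such as restarting a service or the whole server) are vulnerable to cross-site request forgery.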
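For log review, the three endpoints and injectable parameters listed above can be turned into a simple detection. The following is an added example, not code from the advisory or from cPanel: it assumes an Apache-style combined access log, and the function name, the character set treated as markup, and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint -> parameter marked [INJECTION] in the advisory's list.
WATCHED = {
    "/scripts2/knowlegebase": "issue",
    "/scripts2/changeip": "user",
    "/scripts2/listaccts": "search",
}
# Assumption: an issue id, user name or search term never legitimately
# contains these characters, which are needed to leave HTML text or
# attribute context.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (path, parameter, decoded value) for each flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        param = WATCHED.get(url.path)
        if param is None:
            continue
        # parse_qs percent-decodes values, so encoded markup is caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if MARKUP.search(value):
                hits.append((url.path, param, value))
    return hits


# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - root [09/May/2008:10:00:01 +0000] "GET /scripts2/listaccts?searchtype=domain&search=example.com&acctp=30 HTTP/1.1" 200 5120',
    '192.0.2.10 - root [09/May/2008:10:00:07 +0000] "GET /scripts2/changeip?domain=any&user=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 812',
    '192.0.2.10 - root [09/May/2008:10:00:09 +0000] "GET /scripts2/knowlegebase?issue=42&domain= HTTP/1.1" 200 640',
    '192.0.2.10 - root [09/May/2008:10:00:12 +0000] "GET /scripts2/listaccts?searchtype=domain&search=%22%3E%3Ci%3Ex&acctp=30 HTTP/1.1" 200 5301',
]

if __name__ == "__main__":
    for path, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{path}: parameter {param!r} carries markup: {value!r}")
```

Because the advisory states that every function handling user input is affected, the `WATCHED` table covers only the listed subset and a clean result does not rule out injection through other WHM endpoints.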
|Exploit
source: http://www.securityfocus.com/bid/29125/info
 
cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
 
http://www.example.com/scripts2/changeip?domain=any&user=[INJECTION]
|References

Source: XF
Name: cpanel-whminterface-xss(42305)
Link: http://xforce.iss.net/xforce/xfdb/42305
Source: BID
Name: 29125
Link: http://www.securityfocus.com/bid/29125
Source: BUGTRAQ
Name: 20080509XSSandCSRFvulnerabilityonCpanel11
Link: http://www.securityfocus.com/archive/1/archive/1/491864/100/0/threaded
Source: SREASON
Name: 3866
Link: http://securityreason.com/securityalert/3866
Source: MISC
Link: http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2
Source: VUPEN
Name: ADV-2008-1522
Link: http://www.frsirt.com/english/advisories/2008/1522/references
Source: SECUNIA
Name: 30166
Link: http://secunia.com/advisories/30166
Source: FULLDISC
Name: 20080509XSSandCSRFvulnerabilityoncPanel11
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html