cPanel Entropy Chat script 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1197408 漏洞类型 跨站脚本
发布时间 2005-11-05 更新时间 2006-06-14
CVE编号 CVE-2005-3505 CNNVD-ID CNNVD-200511-124
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2005110013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-124
|漏洞详情
cPanel是功能强大,容易使用的虚拟主机控制系统。cPanel10.2.0-R82和10.6.0-R137的EntropyChat脚本中的跨站脚本攻击(XSS)漏洞,可让远程攻击者在聊天消息样式属性的等标记中包含Javascript(通过InternetExplorer处理),以此注入任意Web脚本或HTML。
|漏洞EXP
======================================================================

Secunia Research 04/11/2005

- cPanel Entropy Chat Script Insertion Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

cPanel 10.2.0-R82 and 10.6.0-R137

Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Cross-site scripting
Where:  Remote

======================================================================
3) Vendor's Description of Software

cPanel & WebHost Manager (WHM) is a next generation web hosting 
control panel system. Both cPanel & WHM are extremely feature rich as 
well as include an easy to use web based interface (GUI).

Product link:
http://www.cpanel.net/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in cPanel, which can 
be exploited by malicious people to conduct script insertion attacks.

Input passed to the chat message field in the pre-installed 
Entropy Chat script isn't properly sanitised before being used. This 
can be exploited to inject arbitrary script code, which will be 
executed in a user's browser session in context of an affected site 
when the malicious user data is viewed with the 
Microsoft Internet Explorer browser.

Example:
Send message <b style="width:expression([code])">text</b> 
via http://[host]:2084/

The vulnerability has been confirmed in versions 10.2.0-R82 and 
10.6.0-R137. Other versions may also be affected.

======================================================================
5) Solution

Edit the source code to ensure that input is properly sanitised.

======================================================================
6) Time Table

10/10/2005 - Vulnerability discovered.
14/10/2005 - Vendor notified.
04/11/2005 - Public disclosure.

======================================================================
7) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-56/advisory/

======================================================================
|参考资料

来源:BID
名称:15327
链接:http://www.securityfocus.com/bid/15327
来源:BUGTRAQ
名称:20051104SecuniaResearch:cPanelEntropyChatScriptInsertionVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/415722/30/0/threaded
来源:OSVDB
名称:20459
链接:http://www.osvdb.org/20459
来源:VUPEN
名称:ADV-2005-2306
链接:http://www.frsirt.com/english/advisories/2005/2306
来源:SECTRACK
名称:1015157
链接:http://securitytracker.com/id?1015157
来源:MISC
链接:http://secunia.com/secunia_research/2005-56/advisory/
来源:SECUNIA
名称:16609
链接:http://secunia.com/advisories/16609
来源:FULLDISC
名称:20051104SecuniaResearch:cPanelEntropyChatScriptInsertionVulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html
来源:SREASON
名称:148
链接:http://securityreason.com/securityalert/148