Secunia Research
04/11/05, 21:15
================================================== ====================
Secunia Research 04/11/2005
- cPanel Entropy Chat Script Insertion Vulnerability -
================================================== ====================
Table of Contents
Affected Software.......................................... ..........1
Severity.......................................... ...................2
Vendor's Description of Software.....................................3
Description of Vulnerability..................................... ....4
Solution.......................................... ...................5
Time Table............................................. ..............6
Credits........................................... ...................7
About Secunia........................................... .............8
Verification...................................... ...................9
================================================== ====================
1) Affected Software
cPanel 10.2.0-R82 and 10.6.0-R137
Other versions may also be affected.
================================================== ====================
2) Severity
Rating: Moderately critical
Impact: Cross-site scripting
Where: Remote
================================================== ====================
3) Vendor's Description of Software
cPanel & WebHost Manager (WHM) is a next generation web hosting
control panel system. Both cPanel & WHM are extremely feature rich as
well as include an easy to use web based interface (GUI).
Product link:
http://www.cpanel.net/
================================================== ====================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in cPanel, which can
be exploited by malicious people to conduct script insertion attacks.
Input passed to the chat message field in the pre-installed
Entropy Chat script isn't properly sanitised before being used. This
can be exploited to inject arbitrary script code, which will be
executed in a user's browser session in context of an affected site
when the malicious user data is viewed with the
Microsoft Internet Explorer browser.
Example:
Send message <b style="width:expression([code])">text</b>
via http://[host]:2084/
The vulnerability has been confirmed in versions 10.2.0-R82 and
10.6.0-R137. Other versions may also be affected.
================================================== ====================
5) Solution
Edit the source code to ensure that input is properly sanitised.
================================================== ====================
6) Time Table
10/10/2005 - Vulnerability discovered.
14/10/2005 - Vendor notified.
04/11/2005 - Public disclosure.
================================================== ====================
7) Credits
Discovered by Andreas Sandblad, Secunia Research.
================================================== ====================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
================================================== ====================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-56/advisory/
================================================== ====================
Secunia Research 04/11/2005
- cPanel Entropy Chat Script Insertion Vulnerability -
================================================== ====================
Table of Contents
Affected Software.......................................... ..........1
Severity.......................................... ...................2
Vendor's Description of Software.....................................3
Description of Vulnerability..................................... ....4
Solution.......................................... ...................5
Time Table............................................. ..............6
Credits........................................... ...................7
About Secunia........................................... .............8
Verification...................................... ...................9
================================================== ====================
1) Affected Software
cPanel 10.2.0-R82 and 10.6.0-R137
Other versions may also be affected.
================================================== ====================
2) Severity
Rating: Moderately critical
Impact: Cross-site scripting
Where: Remote
================================================== ====================
3) Vendor's Description of Software
cPanel & WebHost Manager (WHM) is a next generation web hosting
control panel system. Both cPanel & WHM are extremely feature rich as
well as include an easy to use web based interface (GUI).
Product link:
http://www.cpanel.net/
================================================== ====================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in cPanel, which can
be exploited by malicious people to conduct script insertion attacks.
Input passed to the chat message field in the pre-installed
Entropy Chat script isn't properly sanitised before being used. This
can be exploited to inject arbitrary script code, which will be
executed in a user's browser session in context of an affected site
when the malicious user data is viewed with the
Microsoft Internet Explorer browser.
Example:
Send message <b style="width:expression([code])">text</b>
via http://[host]:2084/
The vulnerability has been confirmed in versions 10.2.0-R82 and
10.6.0-R137. Other versions may also be affected.
================================================== ====================
5) Solution
Edit the source code to ensure that input is properly sanitised.
================================================== ====================
6) Time Table
10/10/2005 - Vulnerability discovered.
14/10/2005 - Vendor notified.
04/11/2005 - Public disclosure.
================================================== ====================
7) Credits
Discovered by Andreas Sandblad, Secunia Research.
================================================== ====================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
================================================== ====================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-56/advisory/
================================================== ====================