
WebHostManager - Cross Site Scripting


10-07-2014, 11:47 PM #1
DevilScreaM Offline root:x:0:0:root:/root:/bin/bash *****
MaDLeeTs LoVer
Posts:7 Threads:7 Joined:Oct 2013 Reputation: 1
Mood: None
#Exploit Name : WebHostManager - Cross Site Scripting
#Author : DevilScreaM
#Date : 7 October 2014
#Vendor : http://cpanel.net/
#Version : or Higher/Lower Version
#Vulnerability : Cross Site Scripting
#Type : #WebApps #Application
#Tested : My PC > Windows 7 64 Bit, OS WHM > CENTOS 5.11
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team

Cross Site Scripting

Vuln : http://localhost:2087/scripts2/editnews

Tutorial :

1. Login To Your WebHost Manager With Port 2086 or 2087

2. Go to http://localhost:2087/scripts2/editnews

3. On TextBox, Input your XSS, Example :


Screenshot :

[Image: 2ajuvi8.jpg]

4. Click Save News

You And Client Can See your XSS, How?

1. Login to cPanel Account with port 2082 or 2083

2. After Login, You Can See Your XSS


[Image: 34do2lw.jpg]
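
The defensive side of the flow described in the post above (text saved in the WHM news box is later displayed to every cPanel account), as an added example that is not part of the original post and is not cPanel's code. It goes beyond the post by showing an allowlist sanitizer applied at render time; the tag allowlist, `sanitize_news` and the sample string are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"b", "i", "u", "p", "br", "a"}  # assumed formatting needs of a news box
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}  # these elements are dropped together with their text


class NewsSanitizer(HTMLParser):
    """Rebuilds stored news from scratch, emitting only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif self.skip == 0 and tag in ALLOWED_TAGS:
            href = dict(attrs).get("href") if tag == "a" else None
            if href and urlparse(href).scheme in ("http", "https"):
                self.out.append(f'<a href="{html.escape(href, quote=True)}" rel="noopener">')
            else:
                self.out.append(f"<{tag}>")  # all other attributes are discarded

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif self.skip == 0 and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip == 0:
            self.out.append(html.escape(data, quote=False))  # text is always encoded


def sanitize_news(stored: str) -> str:
    """Call when rendering the news into a client page, not only when saving it."""
    parser = NewsSanitizer()
    parser.feed(stored)
    parser.close()
    return "".join(parser.out)


# Constructed sample input; the marker script is harmless and only shows what is removed.
SAMPLE_NEWS = '<b onclick="x()">Maintenance</b> tonight<script>console.log("constructed-marker")</script> <a href="javascript:void(0)">info</a> <a href="https://example.com/status">status</a>'

if __name__ == "__main__":
    print(sanitize_news(SAMPLE_NEWS))
```

Sanitizing at output time also covers news text that was stored before the filter existed.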

10-08-2014, 02:28 AM #2
T3N38R15 Offline ? lawless-coder *****
Posts:812 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
hmm nice share but a bit hard to reach that, and if you've done that you are already in the system

10-09-2014, 06:30 AM #3
Cer0L Offline Junior Member **
Posts:9 Threads:1 Joined:May 2014 Reputation: 0
Mood: Amazed
agree with T3N38R15, btw thanks for sharing with us!

I love to learn from people who know what they do.
I believe that there is only one God ALLAH!!!

10-09-2014, 07:17 AM #4
sniffer Offline Bug Researchers **********
Junior Administrator
Posts:878 Threads:126 Joined:Sep 2012 Reputation: 12
Mood: Happy
nice share

10-09-2014, 05:30 PM #5
kronZy Offline Tata lui .Breacker. *****
MaDLeeTs LoVer
Posts:4 Threads:0 Joined:Oct 2014 Reputation: 0
Mood: Evil
nice bro.