

WebHostManager 11.44.1.18 - Cross Site Scripting



10-07-2014, 11:47 PM #1
DevilScreaM Offline root:x:0:0:root:/root:/bin/bash *****
#Exploit Name : WebHostManager 11.44.1.18 - Cross Site Scripting
#Author : DevilScreaM
#Date : 7 October 2014
#Vendor : http://cpanel.net/
#Version : 11.44.1.18 or Higher/Lower Version
#Vulnerability : Cross Site Scripting
#Type : #WebApps #Application
#Tested : My PC > Windows 7 64 Bit, OS WHM > CENTOS 5.11
#Thanks : Newbie-Security, Indonesian Hacker Team, Indonesia Coder Team, Indonesia Security Team


Cross Site Scripting

Vuln : http://localhost:2087/scripts2/editnews


Tutorial :

1. Log in to your WebHost Manager on port 2086 or 2087

2. Go to http://localhost:2087/scripts2/editnews

3. In the text box, input your XSS. Example:

<script>alert("DevilScreaM")</script>

Screenshot :

[Image: 2ajuvi8.jpg]

4. Click Save News


You and the client can see your XSS. How?

1. Log in to the cPanel account on port 2082 or 2083

2. After login, you can see your XSS

Screenshot

[Image: 34do2lw.jpg]
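
Added example, not part of the original post and not cPanel's code: the stored-news flow described above, with the verbatim rendering next to an output-encoded one and a check for active markup in an already-stored value. The template, function names and marker pattern are assumptions made for illustration.

```python
import html
import re

# Constructed sample: the news text saved through the edit form in the post above.
STORED_NEWS = '<script>alert("DevilScreaM")</script>'

# Hypothetical fragment of the page a client account sees after logging in.
PAGE_TEMPLATE = '<div id="news">{news}</div>'

# Assumed marker list for an audit of stored values (not exhaustive).
ACTIVE_MARKUP = re.compile(
    r"<\s*(?:script|iframe|object|embed|svg)\b|\bon\w+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def render_news_unsafe(news: str) -> str:
    """The 'before': the stored text is placed into the page verbatim,
    so markup saved by one account runs in another account's browser."""
    return PAGE_TEMPLATE.format(news=news)


def render_news_safe(news: str) -> str:
    """The fix: HTML-encode at output time, so the stored text is shown
    as text. Line breaks are re-added only after encoding."""
    encoded = html.escape(news, quote=True)
    return PAGE_TEMPLATE.format(news=encoded.replace("\n", "<br>"))


def audit_stored_news(news: str) -> list:
    """Return the active-content markers found in a stored news value,
    for reviewing what is already saved before the fix is deployed."""
    return [m.group(0) for m in ACTIVE_MARKUP.finditer(news)]


if __name__ == "__main__":
    print("unsafe:", render_news_unsafe(STORED_NEWS))
    print("safe:  ", render_news_safe(STORED_NEWS))
    print("audit: ", audit_stored_news(STORED_NEWS))
```

Encoding on output is the control here; the audit pattern only helps find values that were stored earlier and should be reviewed.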

10-08-2014, 02:28 AM #2
T3N38R15 Offline ? lawless-coder *****
hmm, nice share, but a bit hard to reach that, and if you've done that you are already in the system :)


10-09-2014, 06:30 AM #3
Cer0L Offline Junior Member **
Agree with T3N38R15, btw thanks for sharing with us!

I love Learn from people who knows what they do.
I believe that there is only one God ALLAH!!! Heart

10-09-2014, 07:17 AM #4
sniffer Offline Bug Researchers **********
nice share :)


Email : [email protected]
Skype : Ali_Sniffer

10-09-2014, 05:30 PM #5
kronZy Offline Tata lui .Breacker. *****
nice bro .





