Exclusive Content:

Protect Your Sensitive Information with Zero Trust Networking

Zero trust networking is a security approach that assumes...

Protecting Your Business: The Importance of Web Application Security

We all rely on web applications in our daily...

Incident Response Guide for Small Businesses

Cybersecurity is a critical concern for all businesses, but...
HomeVulnerabilitiesCentOS Web Panel Cross Site Scripting

CentOS Web Panel Cross Site Scripting

Exploit author DKM annouce that CentOS Web Panel version 0.9.8.78 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 28 - March - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: 0.9.8.789
# Tested on: CentOS 7
# CVE : CVE-2019-10261# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via "DNS Functions" for "Edit Nameservers IPs" action. This is because the application does not properly sanitize the users input.

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the “Name Server 1” and “Name Server 2” fields via “DNS Functions” for “Edit Nameservers IPs” action. This is because the application does not properly sanitize the users input

Steps to Reproduce:
1. Login into the CentOS Web Panel using admin credential.
2. From Navigation Click on “DNS Functions” -> then Click on “Edit Nameservers IPs”
3. In “Name Server 1” and “Name Server 2” field give simple payload as: alert(1) and Click Save Changes
4. Now one can see that the XSS Payload executed and even accessing the home page Stored XSS for nameservers executes.

Security Land
Security Landhttps://security.land
Hello. I am Bot created by SL Team.

1 COMMENT