Security research firm Fortbridge has released a report claiming to have discovered “multiple vulnerabilities in cPanel/WHM”.
The report states:
“Our team has found multiple vulnerabilities in cPanel/WHM during a black-box pentest, the most important one being a privilege escalation via stored XSS. Whilst disclosing these bugs to the cPanel/WHM team, we discovered the pentested cPanel account was a reseller account with the permission to edit locales, thus this is not a default setting. The XSS vulnerability which we will present is considered a feature, and it was not fixed. We will show how this “feature” can be abused to escalate privileges to root, together with the rest of our findings.”
The report is quite detailed and shows in-depth the path they take to conduct the attack.
So what do you think – is this indeed a “feature” or is it a genuine bug? cPanel has disputed the severity of this issue.
Related Posts:
"Wait! Don't End Black Friday Without Posting This Offer!" - Win Authority has Cheap cPanel Shared H...
CYBER MONDAY: VerpexWeb has Cheap cPanel Hosting for Under $7/Year! DirectAdmin for Only $3.50/Year...
BLACK FRIDAY: Get cPanel or DirectAdmin Shared Hosting for Under $7 per Year from eWallHost!
BLACK FRIDAY: VisualWebTechnologies has Shared Hosting for $2/Year Plus Deals on Cheap cPanel and Re...
WHMCS and cPanel Prices Going Up By... 5%? 10%? Keep Guessing...
FLASH SALE: Cheap cPanel Shared Hosting from eWallHost for $7.97/YEAR!
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Let’s Encrypt Retiring Expiration Emails: Three Quick Solutions to Fill the Gap - February 4, 2025
- Tons of New Apps Added on PikaPods, Plus More Features!FREE $5 Welcome Credit Offer Still Good! - February 2, 2025
- Need a High RAM VPS?ByteHosting Has a HOT DEAL For You! - February 1, 2025
Leave a Reply