exploit the possibilities

Plesk Control Panel 10.2 Cross Site Scripting

Plesk Control Panel 10.2 Cross Site Scripting
Posted Sep 23, 2011
Site xss.cx

Plesk Control Panel version 102 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 9ce94f018b6a159b2536c30e1849e01d5740c9bd9318fe2e6a86e92ad9d7fff7

Plesk Control Panel 10.2 Cross Site Scripting

Change Mirror Download
(From sqlhacker)

http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

RXSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, Plesk
Control Panel Version 20110407.20Report generated by XSS.CX <http://xss.cx/>
at Tue May 24 05:40:53 CDT 2011 with respect to Plesk CPANEL for Windows
Build 20110407.20 on Windows 2008 R2 Server, 64 Bit

Plesk SMB 10.2 for Windows Report of October
2010<http://xss.cx/examples/plesk-reports/plesk-10.2.0.html>
| Plesk SMB 10.2 - Site Editor for Windows Report of October
2010<http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html>
------------------------------
Executive SummaryParallels Plesk Control Panel for Windows is vulnerable to
XSS and other injection vulnerabilities beginning with a user of least-privs
when logged into the Control Panel. Various exploit are possible from XSS to
DoS. This report is specific to proving CWE-79, XSS as a user of least
authentication within the Control Panel Application. Initially reported
(privately) to Plesk in October 2010 in Parallels Ticket #1020740, these
vulnerabilities, and others, still exist in the current releases of the
Control Panel Products.[image: XSS in Parallels Plesk Control Panel 10.2 for
Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]<http://xss.cx/images/plesk-parallels-control-panel-reflected-xss-dork-ghdb-example-poc-javascript-injection-least-priv-user.jpg>
------------------------------
CPanel Application Crash[image: XSS in Parallels Plesk Control Panel 10.2
for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]<http://xss.cx/images/plesk-parallels-control-panel-reflected-xss-dork-ghdb-example-poc-javascript-failure-sanitization-input.jpg>
------------------------------
*Stored XSS PoC*[image: XSS in Parallels Plesk Control Panel 10.2 for
Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]<http://xss.cx/examples/plesk-reports/plesk-example-ui-embedded-url-link-injection-poc.jpg>Plesk
Control Panel Version 20110407.20
*Application Crash*
[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK,
GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]<http://xss.cx/examples/plesk-reports/plesk-cwe-79-sanitization-1.jpg>Plesk
Control Panel Version 20110407.20
Immunity Debugger Screen Grab of W3P.EXE Program Termination, Call Stack,
Registers, PHP5ts
[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK,
GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]<http://xss.cx/examples/plesk-reports/plesk-stack-stack-w3p-plesk-application-crash.jpg><https://hostedusa3.whoson.com/chat/chatstart.htm?domain=stalker.opticalcorp.com&session=546-1298753730798>
Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close