
Plesk Control Panel 10.2 Cross Site Scripting

Posted Sep 23, 2011
Site xss.cx

Plesk Control Panel version 10.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 2eb876c40da0d9da7c27b3f3ec4926b6

(From sqlhacker)

http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

RXSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, Plesk Control Panel Version 20110407.20

Report generated by XSS.CX <http://xss.cx/> at Tue May 24 05:40:53 CDT 2011 with respect to Plesk CPANEL for Windows Build 20110407.20 on Windows 2008 R2 Server, 64 Bit

Plesk SMB 10.2 for Windows Report of October 2010 <http://xss.cx/examples/plesk-reports/plesk-10.2.0.html>
| Plesk SMB 10.2 - Site Editor for Windows Report of October 2010 <http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html>
------------------------------
Executive Summary

Parallels Plesk Control Panel for Windows is vulnerable to XSS and other injection vulnerabilities, starting from a least-privileged user logged into the Control Panel. Various exploits are possible, from XSS to DoS. This report is specific to proving CWE-79, XSS, as a least-privileged authenticated user within the Control Panel Application. Initially reported (privately) to Plesk in October 2010 in Parallels Ticket #1020740, these vulnerabilities, and others, still exist in the current releases of the Control Panel Products.

[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86] <http://xss.cx/images/plesk-parallels-control-panel-reflected-xss-dork-ghdb-example-poc-javascript-injection-least-priv-user.jpg>
------------------------------
CPanel Application Crash

[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86] <http://xss.cx/images/plesk-parallels-control-panel-reflected-xss-dork-ghdb-example-poc-javascript-failure-sanitization-input.jpg>
------------------------------
*Stored XSS PoC*

[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86] <http://xss.cx/examples/plesk-reports/plesk-example-ui-embedded-url-link-injection-poc.jpg>
Plesk Control Panel Version 20110407.20

*Application Crash*

[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86] <http://xss.cx/examples/plesk-reports/plesk-cwe-79-sanitization-1.jpg>
Plesk Control Panel Version 20110407.20

Immunity Debugger Screen Grab of W3P.EXE Program Termination, Call Stack, Registers, PHP5ts

[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86] <http://xss.cx/examples/plesk-reports/plesk-stack-stack-w3p-plesk-application-crash.jpg>
© 2020 Packet Storm. All rights reserved.