exploit the possibilities

Parallels Plesk Panel 9.5 Cross Site Scripting

Parallels Plesk Panel 9.5 Cross Site Scripting
Posted Nov 6, 2019
Authored by Rafay Baloch, Muhammad Samak

Parallels Plesk Panel version 9.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18793
MD5 | c5350e2e3a070c750e1ecf208c0d70f7

Parallels Plesk Panel 9.5 Cross Site Scripting

Change Mirror Download
#Exploit Title: Parallels Plesk Panel 9.5 Reflected XSS

#Release Date: 06/11/2019

#Company: Cyber Citadel

#CVE-ID: 2019-18793

#Website: www.cybercitadel.com

#Vendor: www.plesk.com

#Versions 9.5



*Description*



A Cross Site Scripting vulnerability occurs when an attacker can inject
JavaScript in context of the web application. The vulnerability occurs when
user input is not sanitized before it’s returned back to the user. Because
JavaScript is able to access your DOM (Document Object Model) an attacker
can craft a JavaScript payload which can be used to steal the victim’s
session cookies and send it to a domain that they control thereby hijacking
the session.



The vulnerability exists in "*fileName*" parameter reflected in application
response were later being reflected in different parts of application
response.



*Credits *



Discovered by: Rafay Baloch and Muhammad Samak



*POC*



https://target/locales/tr-TR/help/index.htm?fileName=javascript:alert(document.domain)



*Solution*

Any user-generated input should be HTML-encoded, at any point, where it is
copied into application responses.

All HTML meta characters should be replaced with the corresponding HTML
entities. The following meta characters shall be filtered out before they
are displayed back to the user.

[1] | (pipe sign)

[2] & (ampersand sign)

[3] ; (semicolon sign)

[4] $ (dollar sign)

[5] % (percent sign)

[6] @ (at sign)

[7] ʹ (single apostrophe)

[8] ʺ (quotation mark)

[9] \ʹ (backslash‐escaped apostrophe)

[10] \ʺ (backslash‐escaped quotation mark)

[11] <> (triangular parenthesis)

[12] () (parenthesis)

[13] + (plus sign)

[14] CR (Carriage return, ASCII 0x0d)

[15] LF (Line feed, ASCII 0x0a)

[16] , (comma sign)

[17] \ (backslash)

*Recommendation*



Upgrade to the latest version of Parallel Plesk.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close