Pen testers and vendor disagree over appropriate mitigations
Security researchers have achieved remote code execution (RCE) on web hosting platform cPanel & WHM after bypassing CSRF protections and escalating privileges via a stored cross-site scripting (XSS) vulnerability.
cPanel & WHM is a suite of Linux tools that enable the automation of web hosting tasks via a graphical user interface (GUI). cPanel is used in the hosting of more than 168,000 websites, according to Datanyze.
During a black-box pen test, RCE was also demonstrated via a “more convoluted” cross-site WebSocket hijacking attack that was…