Parallels H-Sphere - Cross-Site Scripting

By kannthu

High
Vidoc Module
#hsphere #xss #edb #parallels
Description

What is "Parallels H-Sphere - Cross-Site Scripting"?

The "Parallels H-Sphere - Cross-Site Scripting" module is designed to detect cross-site scripting vulnerabilities in the Parallels H-Sphere software. Parallels H-Sphere is a web hosting automation and control panel solution. This module focuses on identifying and reporting instances where user-supplied data is not properly sanitized, potentially allowing attackers to inject malicious scripts into web pages.

This module has a severity level of high, indicating the potential impact of the identified vulnerabilities.

This module was authored by ritikchaddha.

Impact

Cross-site scripting vulnerabilities in Parallels H-Sphere can have serious consequences. By exploiting these vulnerabilities, attackers can inject malicious scripts into web pages viewed by other users. This can lead to various attacks, such as stealing sensitive information, session hijacking, or delivering malware to unsuspecting users.

How does the module work?

The "Parallels H-Sphere - Cross-Site Scripting" module works by sending HTTP requests to specific endpoints in the target application. It then applies matching conditions to determine if the application is vulnerable to cross-site scripting attacks.

For example, one of the HTTP requests used by this module is:

GET /webshell4/login.php?err=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

This request attempts to inject a script into the "err" parameter of the login.php page. If the response contains the injected script and has a status code of 200, it indicates a potential cross-site scripting vulnerability.

The module uses multiple matching conditions to ensure accurate detection:

- Word Matcher: Checks if the response contains a specific string, indicating the presence of a vulnerability.
- Header Matcher: Verifies if the response header includes the "text/html" content type, ensuring it is a web page.
- Status Matcher: Confirms if the response has a status code of 200, indicating a successful request.

By combining these matching conditions, the module can effectively identify cross-site scripting vulnerabilities in Parallels H-Sphere.
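
The matcher logic described above, as an added example in Python that is not Vidoc's own module code: it evaluates the three conditions against constructed responses to show which cases the combination reports and which it filters out. The `render_login` helper, the sample responses and the use of the decoded payload as the matcher word are assumptions (the module's exact matcher string is truncated on this page).

```python
import html
from urllib.parse import unquote

# Payload decoded from the request shown above. Using it as the matcher word
# is an assumption: the module's own word string is truncated on the page.
PROBE = unquote("%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E")


def matches(status, headers, body, word=PROBE):
    """Return True only if word AND header AND status conditions all hold."""
    content_type = ""
    for name, value in headers.items():
        if name.lower() == "content-type":   # header names are case-insensitive
            content_type = value.lower()
    word_ok = word in body                   # payload reflected byte-for-byte
    header_ok = "text/html" in content_type  # a browser would render it as HTML
    status_ok = status == 200
    return word_ok and header_ok and status_ok


def render_login(err, escape):
    """Hypothetical stand-in for a login page echoing 'err' into an attribute."""
    shown = html.escape(err, quote=True) if escape else err
    return '<input type="hidden" name="err" value="%s">' % shown


HTML = {"Content-Type": "text/html; charset=UTF-8"}

# Constructed sample responses (not captured from a real H-Sphere host).
SAMPLES = {
    "raw reflection": (200, HTML, render_login(PROBE, escape=False)),
    "escaped reflection": (200, HTML, render_login(PROBE, escape=True)),
    "raw but JSON": (200, {"content-type": "application/json"}, '{"err": "%s"}' % PROBE),
    "raw on error page": (404, HTML, render_login(PROBE, escape=False)),
}


def classify(samples=SAMPLES):
    """Map each sample name to whether the combined matcher would report it."""
    return {name: matches(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:20} -> {'report' if hit else 'no match'}")
```

Only the unescaped HTML reflection is reported; output encoding of the `err` value is what turns the first case into the second.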

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /webshell4/login.php... /webshell4/login.php...
Matching conditions
word: value="\"><script>alert(document.domain)... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability