Sitelock reporting vulnerability on cpanel webmail login

whm-expert

• April 28, 2014 08:24

hello every one i am using sitelock to protect one of our website. the website is using php CMS, and its have a php file that let the visitors directly login to their cpanel webmail. when i log to "sitelock dashboard" i see this error error message "Vulnerable(1)" URL:/http://xxxx.com/ar/webmail.php?login=&pass=1&port=2096&user=1 Cross site scripting vulnerability found in args:login,pass,port,user please is there any other way to login to webmail without this problem? please check the script below ========================== ) { exit; } $user = $_POST['user">; $pass = $_POST['pass">; $port = $_POST['port">; $port == "2096" || $port == "2087" || $port == "2083" ? $pre = "https://" : $pre = "http://"; $port == "2095" || $port == "2096" && !eregi("@", $user) ? $user = "".$user."@".$domain."" : $user = $user; ?> " method="post">
========================== regards

• 

  cPanelMichael

  • April 29, 2014 13:12

  Hello :) You may find the following document helpful: Secure Remote Logins Thank you.

  0

Please sign in to leave a comment.