Bugtraq mailing list archives
Major Cpanel Expliot HTML Injection
From: Virtual Nova Web Hosting services virtualnova.net <verb0s () virtualnova net>
Date: 9 Jun 2004 04:04:51 -0000
Major Bug found 6/7/04 Discovered by Verb0s Reseller accounts with cpanel, in the password modification page, can insert a basic injection ex:http://(domain):2086/scripts/passwd?password=<>&domain=<>&user=<> The code will modify all the mysql database passwords, in which the reseller shouldnb't have permissions. From there, someone could take over someones site that may be sql based, on the same server as them. How to fix the problem: After my immediate contact with cpanel. they updated and fixed all permission problems : 6/8/04 Update your Cpanel ASAP
Current thread:
- Major Cpanel Expliot HTML Injection Virtual Nova Web Hosting services virtualnova . net (Jun 09)