Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Cpanel Path Disclosure Vulnerability

From: Silversmith () ashiyane com
Date: 7 Mar 2006 16:48:31 -0000
Cpanel hsa the vulnerability to discover the path of the files

exp:

loginto your cpanel account
goto fantastico
try to install one of the scripts ! exp: 4images
if the server set a permission on the /tmp , cpanel tmp files yuo should see this 

Warning: main(/home/userid/public_html/fantversion.php): failed to open stream: Permission denied in 
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: main(): Failed opening '/home/userid/public_html/fantversion.php' for inclusion 
(include_path='/usr/local/cpanel/3rdparty/lib/php/:.') in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on 
line 360

Warning: fopen(/home/cpanel/.fantasticodata/soholaunch.cache): failed to open stream: Permission denied in 
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 298


Ashiyane Digital Security Team
Previous By Date Next
Previous By Thread Next

Current thread: