cPanel Login Command Injection Vulnerability

**WCW Fan** · 03-15-2004 06:49 PM

is this fixed in the latest stable version ?

**casey** · 03-15-2004 07:12 PM

Originally posted by WCW Fan
is this fixed in the latest stable version ?

No cpanel servers should be vulnerable to this anymore. Cpanel themselves hacked those that were in order to patch them.

**Curious Too** · 03-15-2004 08:12 PM

Originally posted by Domenico
EDIT: this is not about the 'lost password' hack! Read carefully...

But it is old news. This exploit was posted and patched along with the "lost password" hack.

**oldengine** · 03-16-2004 12:11 AM

This has been patched in latest forced update

Does it take too much effort to refer to the "latest update" by its number? There are THREE versions EDGE, RELEASE and STABLE, each with numbers that appear in the upper right hand corner. It would be a lot simpler to use them rather than having to poke around to find out what the LATEST is as of when.

**zex** · 03-16-2004 06:03 AM

I think that people on this forum deserve that cpanel officaly say to us wich version are secure and wich are not.

I had before day's rootkit and I spend hell-weekend just becouse I didn't know that there is autorootkit for cpanel.
I think that in any case custumers have right to know about all problems, If we continue to keep things just for our selves, and not share information we may just forgot about security and give keys of our servers to people who know better than us wich version are vurnelable or wich software have bugs.

**cpanelnick** · 03-16-2004 06:07 AM

Originally posted by zex
I think that people on this forum deserve that cpanel officaly say to us wich version are secure and wich are not.

I had before day's rootkit and I spend hell-weekend just becouse I didn't know that there is autorootkit for cpanel.
I think that in any case custumers have right to know about all problems, If we continue to keep things just for our selves, and not share information we may just forgot about security and give keys of our servers to people who know better than us wich version are vurnelable or wich software have bugs.

8.6.0build31 though 9.1.0build40 are the builds with the security problems.

**zex** · 03-16-2004 08:07 AM

Thank you for fast replay. This is very helpful.

**trakwebster** · 03-16-2004 02:13 PM

Originally posted by zex
... <snip> ... didn't know that there is autorootkit for cpanel ... <snip> ...

Uh, autorootkit?

What is autorootkit?

**dasher** · 08-08-2004 10:06 AM

Originally Posted by thaphantom

1) Yes this is fixed
2) Are you so damn stupid that you are going to post HOW TO DO A HACK INTO A PUBLIC FORUM!?!?!?!? /me shakes head... another dumbass

Please don't be a dumb ass!
Security through obscurity isn't.

The information is public domain already. And telling Admins how to test to see if their own system in vulerable - is an important way for them to check the vendor has fixed the problem.

Dasher

**dasher** · 08-09-2004 04:46 AM

Originally Posted by thaphantom

#1 you are about as dense as them. LOOK AT THE DATE ON THIS
#2 Try to think before posting, it cant be that hard to do

Is there a date on a principle?
I was referring to the general principle of full disclosure.

Your rule #2 applies...

LinkBack

Thread Tools

vulnerability of cPanel?

New cpanel vulnerability?

AWStats Remote Command Execution Vulnerability (configdir)

What is the command to restart cpanel via the command line?