The Community Forums

Blind SQL Injection in PostgreSQL

Discussion in 'Security' started by Mulyawan Sentosa, May 27, 2017.

  1. Mulyawan Sentosa (Registered; cPanel Access Level: Root Administrator; Location: Indonesia)

    Hello,

    I'm checking my web security with detectify.com, and it found a severe issue in cPanel. It is at http://mydomain:2082/unprotected/loader.html. It said that there is a vulnerable GET variable goto_uri on that file, and that an attacker can execute SQL code, which includes reading/writing to the database and possibly writing directly to the file system.

    Please help, how do I solve this?

    Thank you.
     
  2. rpvw (Well-Known Member; cPanel Access Level: Root Administrator; Location: Spain)

    I think you will need to switch Home » Server Configuration » Tweak Settings » Security » "Require SSL for cPanel Services" to ON,

    and you may also want to switch

    Redirection » "Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as 'Always redirect to SSL/TLS'" to ON as well.
     
  3. cPanelMichael (Technical Support Community Manager, Staff Member; cPanel Access Level: Root Administrator)

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look at that report and verify whether it's a false positive? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
  4. cPanelKenneth (cPanel Development, Staff Member; cPanel Access Level: Root Administrator)

    detectify is likely mistaking the loader.html file for something in a completely different application.
     
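An added example, not code from any poster in this thread and not cPanel's own: one way to check whether a scanner's time-based blind SQL injection claim actually reproduces before opening a ticket. The report named PostgreSQL, whose sleep primitive is pg_sleep(); the probe string used here is a generic string-context guess, not a known working injection for loader.html. The URL and the goto_uri parameter are taken from the first post. The three "servers" at the bottom are constructed stand-ins so the script runs offline; the "static" one models the outcome the cPanel staff describe (a file that never touches a database), and the "slow" one models the latency noise that makes a one-shot scanner verdict unreliable.

```python
"""Triage a time-based blind SQL injection finding (added example, not cPanel code).

A scanner's "blind SQLi" verdict usually rests on one slow response. Before
opening a ticket, confirm that the delay is caused by the injected sleep and
not by ordinary latency: the extra delay must track the requested sleep time.
"""
import re
import statistics
import time
from typing import Callable
from urllib.parse import parse_qs, quote, urlsplit

# Assumption: PostgreSQL's sleep primitive is pg_sleep(); the string-context
# quoting below is a generic guess, not a known working injection for this URL.
BENIGN_VALUE = "/frontend/index.html"
PROBE_TEMPLATE = "'||pg_sleep({delay})||'"

Fetch = Callable[[str], None]   # issues one GET to the URL; return value unused


def _median_seconds(fetch: Fetch, url: str, samples: int) -> float:
    """Median wall-clock time of `samples` requests; the median drops one-off stalls."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        fetch(url)
        times.append(time.perf_counter() - start)
    return statistics.median(times)


def triage_time_based_sqli(fetch: Fetch, base_url: str, param: str,
                           delay: float = 2.0, samples: int = 3,
                           min_ratio: float = 0.8) -> bool:
    """Return True only if the response delay grows with the requested pg_sleep().

    Three measurements: a benign value, a probe asking for `delay` seconds and a
    probe asking for twice that. Both probes must exceed the baseline by at least
    `min_ratio` of what they asked for; a uniformly slow server fails this check.
    """
    def url_for(value: str) -> str:
        return f"{base_url}?{param}={quote(value, safe='')}"

    baseline = _median_seconds(fetch, url_for(BENIGN_VALUE), samples)
    once = _median_seconds(fetch, url_for(PROBE_TEMPLATE.format(delay=delay)), samples)
    twice = _median_seconds(fetch, url_for(PROBE_TEMPLATE.format(delay=delay * 2)), samples)
    return (once - baseline >= min_ratio * delay
            and twice - baseline >= min_ratio * 2 * delay)


def fake_server(behaviour: str) -> Fetch:
    """Constructed stand-ins so the triage runs offline; not real cPanel behaviour.

    "static"     - the page ignores goto_uri entirely (no database behind it)
    "slow"       - every request takes 50 ms, whatever the input (latency noise)
    "injectable" - the parameter really reaches SQL and pg_sleep() is honoured
    """
    def fetch(url: str) -> None:
        value = parse_qs(urlsplit(url).query).get("goto_uri", [""])[0]
        if behaviour == "slow":
            time.sleep(0.05)
        elif behaviour == "injectable":
            match = re.search(r"pg_sleep\(([\d.]+)\)", value)
            if match:
                time.sleep(float(match.group(1)))
        # "static": return immediately
    return fetch


if __name__ == "__main__":
    target = "http://mydomain:2082/unprotected/loader.html"   # URL from the report
    for behaviour in ("static", "slow", "injectable"):
        hit = triage_time_based_sqli(fake_server(behaviour), target, "goto_uri", delay=0.1)
        print(f"{behaviour:10s} -> {'reproduces' if hit else 'does not reproduce'}")
```

Against a real host you own, pass a `fetch` that performs the request (for example a thin wrapper around `urllib.request.urlopen`) and keep `delay` at a few seconds so the sleep is clearly distinguishable from network jitter. Only the "injectable" stand-in passes; the "slow" one is the case a single-measurement scanner tends to misreport.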