
Blind SQL Injection in PostgreSQL

Discussion in 'Security' started by Mulyawan Sentosa, May 27, 2017.

  1. Mulyawan Sentosa (Registered)
    Hello,

    I'm checking my web security with detectify.com, and I found a severe issue in cPanel. It's found at http://mydomain:2082/unprotected/loader.html. It said that there is a vulnerable GET variable goto_uri on that file, and that an attacker can execute SQL code, which includes reading/writing to the database and possibly writing directly to the file system.

    Please help, how do I solve this?

    Thank you.
     
  2. rpvw (Well-Known Member)
    I think you will need to switch Home » Server Configuration » Tweak Settings »
    Security > Require SSL for cPanel Services to ON,

    and you may also want to switch

    Redirection > "Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”" to ON as well.
     
  3. cPanelMichael (Forums Analyst, Staff Member)
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look at that report and verify whether it's a false positive? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
  4. cPanelKenneth (cPanel Development, Staff Member)
    Detectify is likely mistaking the loader.html file for something in a completely different application.
     