Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Bugtraq: cPanel hardlink backup issue

Discussion in 'General Discussion' started by bashprompt18, Oct 18, 2004.

  1. bashprompt18

    bashprompt18 Active Member

    Jun 27, 2004
    Likes Received:
    Trophy Points:
    Garden Valley, Ca
    Name: cPanel
    Vendor URL:
    Author: Karol Wiesek <>
    Date: July 19, 2004

    cPanel backup feature allows logged in users to read any file, including
    they have not permission to read to.

    cPanel is a next generation web hosting control panel system. cPanel is
    extremely feature rich as well as include an easy to use web based
    interface (GUI). cPanel is designed for the end users of your system and
    allows them to control everything from adding / removing email accounts
    to administering MySQL databases.

    cPanel backup system allows attacker to insert into archive and then
    download files, that he does not have permission to access. System
    backup follows hard links ( thus it is only possible on the same
    partition ) and copies it into tar.gz archive. Attacker could use php,
    cgi, crontab or shell access to link file in his public_html to for
    example /etc/shadow, and then execute backup ( Backup ->
    Generate/Download a Full Backup ).

    To exploit this vulnerability just link file you want to grab to some
    file in $HOME and execute backup.

    Tested on cPanel 9.4.1-RELEASE-64, and confirmed vulnerable.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice