Cpanel Build 10.4.0-EDGE 254

Discussion in 'General Discussion' started by hostserver, Aug 11, 2005.

Thread Status:
Not open for further replies.
  1. hostserver

    Hello!
    http://www.ihsteam.com/download/video/cpbug.swf
    Please explain this problem?

    Thank you.

    http://www.securitylab.ru/56471.html
    ---
    General info :
    vuln application : Cpanel Build 10.4.0-EDGE 254
    vendor : www.cpanel.net
    risk : Medium
    access : to all the domains hosted
    original advisory : http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=40
    Details :
    scenario :
    you are admin of a big hosting company, one of your customers wanted 10 mb hosting,
    ok ah you are at home but how the hell he got the phone number anyway!
    you login to your cpanel as reseller, you create his account, create the plan,
    you USE your reseller passwd for him, after the job is finished you change the
    password to urgonnohackme! tomorrow you go to work, happy morning it is.
    but when you hear that your 10000 customer sites had been defaced it completely changes
    to a terrific morning.
    also if a normal cpanel user changes the pass to root by chance he won't know, but
    when he changes his passwd again he sees all the domains listed for him!!!
    a sample movie created about how the vuln could be used :
    http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=41
    timeline :
    vendor not contacted because of the great care vendors give us!
    08 august 2005 : public disclosure
     
  2. chirpy
