Cpanel Build 10.4.0-EDGE 254

Discussion in 'General Discussion' started by hostserver, Aug 11, 2005.

Thread Status:
Not open for further replies.
  1. hostserver

    hostserver Active Member

    Hello!
    http://www.ihsteam.com/download/video/cpbug.swf
    Please explain this problem?

    Thank you.

    http://www.securitylab.ru/56471.html
    ---
    General info:
    vuln application: Cpanel Build 10.4.0-EDGE 254
    vendor: www.cpanel.net
    risk: Medium
    access: to all the domains hosted
    original advisory: http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=40
    Details:
    scenario:
    You are the admin of a big hosting company. One of your customers wanted 10 mb hosting.
    OK, ah, you are at home, but how the hell did he get the phone number anyway!
    You log in to your cpanel as reseller, you create his account, create the plan,
    you USE your reseller passwd for him, and after the job is finished you change the
    password to urgonnohackme! Tomorrow you go to work, happy morning it is.
    But when you hear that your 10000 customer sites had been defaced, it completely changes
    to a terrific morning.
    Also, if a normal cpanel user changes the pass to root by chance, he won't know, but
    when he changes his passwd again he sees all the domains listed for him!!!
    A sample movie created about how the vuln could be used:
    http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=41
    timeline:
    vendor not contacted because of the great care vendors give us!
    08 August 2005: public disclosure
  2. chirpy

    chirpy Well-Known Member
