Status
Not open for further replies.

hostserver

Active Member
May 27, 2005
cPanel Access Level: Root Administrator
Hello!
http://www.ihsteam.com/download/video/cpbug.swf
Please explain this problem?

Thank you.

http://www.securitylab.ru/56471.html
---
General info:
vuln application: cPanel Build 10.4.0-EDGE 254
vendor: www.cpanel.net
risk: Medium
access: to all the domains hosted
original advisory: http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=40
Details:
scenario:
You are the admin of a big hosting company. One of your customers wanted 10 MB hosting.
OK, you are at home, but how the hell did he get the phone number anyway!
You log in to your cPanel as reseller, you create his account, create the plan,
you USE your reseller passwd for him, and after the job is finished you change the
password to urgonnohackme! Tomorrow you go to work; a happy morning it is.
But when you hear that your 10000 customer sites had been defaced, it completely changes
to a terrific morning.
Also, if a normal cPanel user changes the pass to root by chance he won't know, but
when he changes his passwd again he sees all the domains listed for him!!!
A sample movie created about how the vuln could be used:
http://www.ihsteam.com/cms/modules/mydownloads/visit.php?lid=41
timeline:
Vendor not contacted because of the great care vendors give us!
08 August 2005: public disclosure
 