Not open for further replies.


Active Member
May 27, 2005
cPanel Access Level
Root Administrator
Please explain this problem?

Thank you.
General info :
vuln application : cPanel Build 10.4.0-EDGE 254
vendor :
risk : Medium
access : to all the domains hosted
original advisory :
Details :
scenario :
You are the admin of a big hosting company, and one of your customers wanted 10 MB hosting.
OK, you are at home, but how the hell did he get the phone number anyway!
You log in to your cPanel as reseller, you create his account, create the plan.
You USE your reseller password for him; after the job is finished you change the
password to urgonnohackme! Tomorrow you go to work; a happy morning it is.
But when you hear that your 10000 customer sites have been defaced, it completely changes
to a terrific morning.
Also, if a normal cPanel user changes the pass to root by chance, he won't know, but
when he changes his password again he sees all the domains listed for him!!!
a sample movie created about how the vuln could be used :
timeline :
vendor not contacted because of the great care vendors give us!
08 august 2005 : public disclosure