The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel Exploit?

Discussion in 'General Discussion' started by tlingit, Jul 1, 2006.

  1. tlingit

    tlingit Registered

    Joined:
    Jul 1, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Is there any information on this Russian fellow who seems to have come up with a Cpanel exploit? He apparently can place an inline tag in any html file and not sure what the exploit makes possible.
    I have noticed http://step57.info and http://zbzppbwqmm.biz showing up in the status bar of certain windows. the latter URL really hangs up some windows loading.
     
  2. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    16
    On properly secured server this exploit is useless.

    First of all, disable exec() in php.ini

    Then secure /tmp



    After all, this exploit retrieves md5 password hash which is again useless (IMHO) if it is good password.

    Nothing to worry about, imho.
     
Loading...

Share This Page