Cpanel Hack? Bypassing limits

L

lagoth

Member
Apr 5, 2003
24
0
151
It seems i have discovered that users are able to bypass addon domain/ subdomain limits. by removing the subfolders that are created and replacing them with linked dirs. it appears to be on freebsd and dissappear after nightly runs. I have one user that now has way more addons then he is supposed to... Can anyone verify this is the cause?
 
K

katmai

Well-Known Member
Mar 13, 2006
564
3
168
Brno, Czech Republic
soft links maybe, but this can only be done by users who have shell access as far as i know ...
 
L

lagoth

Member
Apr 5, 2003
24
0
151
for example

user: ttest
domain tttest.com
can "addon" domains

he adds yahoo.com

that creates a subdirectory /yahoo

he removes
rm -rf yahoo

and does this from his public_html folder
ln -s ./ yahoo/

bingo he can now addon more domains!:eek:
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
If it is a reproducable bug then you should log it as a bug in bugzilla so that cPanel is aware of the issue if you haven't done so already.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M WHM/cPanel root access alert - Possible Hack General Discussion 1
A My Cpanel hacked? General Discussion 2
D my cpanel was hacked General Discussion 2
M CPanel hacked General Discussion 5
L cPanel forwarder hack General Discussion 3
Similar threads
WHM/cPanel root access alert - Possible Hack
My Cpanel hacked?
my cpanel was hacked
CPanel hacked
cPanel forwarder hack
Top Bottom