Cpanel Hack? Bypassing limits

L

lagoth

Member
Apr 5, 2003
24
0
151
It seems i have discovered that users are able to bypass addon domain/ subdomain limits. by removing the subfolders that are created and replacing them with linked dirs. it appears to be on freebsd and dissappear after nightly runs. I have one user that now has way more addons then he is supposed to... Can anyone verify this is the cause?
 
K

katmai

Well-Known Member
Mar 13, 2006
564
3
168
Brno, Czech Republic
soft links maybe, but this can only be done by users who have shell access as far as i know ...
 
L

lagoth

Member
Apr 5, 2003
24
0
151
for example

user: ttest
domain tttest.com
can "addon" domains

he adds yahoo.com

that creates a subdirectory /yahoo

he removes
rm -rf yahoo

and does this from his public_html folder
ln -s ./ yahoo/

bingo he can now addon more domains!:eek:
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,466
31
473
Go on, have a guess
If it is a reproducable bug then you should log it as a bug in bugzilla so that cPanel is aware of the issue if you haven't done so already.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
A My Cpanel hacked? General Discussion 2
D my cpanel was hacked General Discussion 2
M CPanel hacked General Discussion 5
J cPanel_magic_revision --> Looks like the hackers found something new to attack? General Discussion 3
D Hackers can gain access to Cpanel General Discussion 15
Similar threads
My Cpanel hacked?
my cpanel was hacked
CPanel hacked
cPanel_magic_revision --> Looks like the hackers found something new to attack?
Hackers can gain access to Cpanel
Top Bottom