Cpanel Hack? Bypassing limits

lagoth

Member
Apr 5, 2003
24
0
151
It seems i have discovered that users are able to bypass addon domain/ subdomain limits. by removing the subfolders that are created and replacing them with linked dirs. it appears to be on freebsd and dissappear after nightly runs. I have one user that now has way more addons then he is supposed to... Can anyone verify this is the cause?
 

katmai

Well-Known Member
Mar 13, 2006
564
3
168
Brno, Czech Republic
soft links maybe, but this can only be done by users who have shell access as far as i know ...
 

lagoth

Member
Apr 5, 2003
24
0
151
for example

user: ttest
domain tttest.com
can "addon" domains

he adds yahoo.com

that creates a subdirectory /yahoo

he removes
rm -rf yahoo

and does this from his public_html folder
ln -s ./ yahoo/

bingo he can now addon more domains!:eek:
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,465
30
473
Go on, have a guess
If it is a reproducable bug then you should log it as a bug in bugzilla so that cPanel is aware of the issue if you haven't done so already.