Cpanel Hack? Bypassing limits

L

lagoth

Member
Apr 5, 2003
24
0
151
It seems i have discovered that users are able to bypass addon domain/ subdomain limits. by removing the subfolders that are created and replacing them with linked dirs. it appears to be on freebsd and dissappear after nightly runs. I have one user that now has way more addons then he is supposed to... Can anyone verify this is the cause?
 
K

katmai

Well-Known Member
Mar 13, 2006
564
4
168
Brno, Czech Republic
soft links maybe, but this can only be done by users who have shell access as far as i know ...
 
L

lagoth

Member
Apr 5, 2003
24
0
151
for example

user: ttest
domain tttest.com
can "addon" domains

he adds yahoo.com

that creates a subdirectory /yahoo

he removes
rm -rf yahoo

and does this from his public_html folder
ln -s ./ yahoo/

bingo he can now addon more domains!:eek:
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
If it is a reproducable bug then you should log it as a bug in bugzilla so that cPanel is aware of the issue if you haven't done so already.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S WHM and Cpanel is giving 500 internal server error as someone hacked Security 1
K My WHM/cpanel account hacked? No access to root Security 10
1 SOLVED cpanel login after AnonmousFox hack Security 21
B Is it me or the ISP to blame for cPanel hack? Security 5
m.eid CPanel Hulk hacked? Security 1
Similar threads
WHM and Cpanel is giving 500 internal server error as someone hacked
My WHM/cpanel account hacked? No access to root
SOLVED cpanel login after AnonmousFox hack
Is it me or the ISP to blame for cPanel hack?
CPanel Hulk hacked?
Top Bottom