Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP LiveAPI API Privilege Escalation / how to call

Discussion in 'cPanel Developers' started by TheMrg, Nov 29, 2017.

Tags:
  1. TheMrg

    TheMrg Registered

    Joined:
    Nov 29, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Reseller Owner
    Hi, question about privilege escalation from PHP LiveAPI:

    i addes namespace and modul in /usr/local/cpanel/bin/admin/Test (with test and test.conf)
    added paper_lantern/test/test.live.php and test.live.pl
    with perl i can call

    $val = Cpanel::AdminBin::Call::call(
    'Test',
    'test',
    "callfkt",
    "argum",
    );
    succesfully

    But how to call it from PHP LiveAPI?

    $data=$cpanel->api2('Test', 'test', array('modul'=>'callfkt','args'=>'argum'));
    This is or little different isnot working. sure. This means call Test.pm to Cpanel

    Is there a api2 or uapi call to the "Cpanel::AdminBin::Call::call" ?
    Or other method to call my root / priv. esc. Script?

    Explain:
    This is because my plugin needs PHP. So paper_lantern/test/test.live.php is needed (no perl).

    Thanks.
     
    #1 TheMrg, Nov 29, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,721
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Here's a response from one of our Technical Analyst's answering a similiar question in a support ticket (it was for a different purpose, but appears to apply to your question as well):

    Thank you.
     
    #2 cPanelMichael, Nov 29, 2017
  3. TheMrg

    TheMrg Registered

    Joined:
    Nov 29, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Reseller Owner
    Thanks, but how can we run a PHP Script as Root with this succestion?
     
    #3 TheMrg, Nov 30, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,721
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    My understanding is that using PHP for that purpose isn't supported. Feel free to send an email to integration@cpanel.net if you'd like some additional feedback to this question from one of our Developers.

    Thank you.
     
    #4 cPanelMichael, Nov 30, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - LiveAPI Privilege Escalation
  1. sparek-3

    LiveAPI trick so feature is enabled

    sparek-3, Jul 11, 2017, in forum: cPanel Developers
    Replies:
    4
    Views:
    516
    sparek-3
    Jul 12, 2017
  2. linux.system25

    Child failed to make LIVEAPI connection to cPanel.

    linux.system25, Mar 30, 2017, in forum: cPanel Developers
    Replies:
    1
    Views:
    735
    cPanelMichael
    Mar 30, 2017
  3. ipftp

    Need help with liveAPI or similar

    ipftp, Mar 23, 2017, in forum: cPanel Developers
    Replies:
    2
    Views:
    652
    Amine Dehbi
    Jun 1, 2017
  4. Krydos

    PHP LiveAPI Header

    Krydos, Aug 26, 2016, in forum: User Experience
    Replies:
    4
    Views:
    810
    Krydos
    Aug 28, 2016
  5. ayman qaidi

    Child failed to make LIVEAPI connection to cPanel

    ayman qaidi, May 13, 2016, in forum: cPanel Developers
    Replies:
    4
    Views:
    2,613
    cPanelMichael
    Jun 7, 2016

Share This Page