PHP LiveAPI API Privilege Escalation / how to call

T

TheMrg

Registered
Nov 29, 2017
2
0
1
Germany
cPanel Access Level
Reseller Owner
Hi, question about privilege escalation from PHP LiveAPI:

i addes namespace and modul in /usr/local/cpanel/bin/admin/Test (with test and test.conf)
added paper_lantern/test/test.live.php and test.live.pl
with perl i can call

$val = Cpanel::AdminBin::Call::call(
'Test',
'test',
"callfkt",
"argum",
);
succesfully

But how to call it from PHP LiveAPI?

$data=$cpanel->api2('Test', 'test', array('modul'=>'callfkt','args'=>'argum'));
This is or little different isnot working. sure. This means call Test.pm to Cpanel

Is there a api2 or uapi call to the "Cpanel::AdminBin::Call::call" ?
Or other method to call my root / priv. esc. Script?

Explain:
This is because my plugin needs PHP. So paper_lantern/test/test.live.php is needed (no perl).

Thanks.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello,

Here's a response from one of our Technical Analyst's answering a similiar question in a support ticket (it was for a different purpose, but appears to apply to your question as well):

After reviewing this and discussing your request with a developer, I am afraid that I don't believe we will be able to provide you specifically what you are looking for. By intentional design our privilege escalation system makes running PHP as root impossible. Rather what is suggested is that you first create a custom UAPI function:

https://confluence0.cpanel.net/display/public/SDK/UAPI+-+Custom+UAPI+Modules

Unfortunately this has to be done in Perl. Your LiveAPI script will call this custom UAPI module. The custom UAPI module will in turn call the custom adminbin located in /usr/local/cpanel/bin/admin/<namespace>/:

Guide to API Privilege Escalation - Software Development Kit - cPanel Documentation

You custom adminbin script would in turn call the Whostmgr::API::1::IPv6::ipv6_enable_account function. The developer I spoke to said this last part does require some documentation, but I am afraid that this would not be able to be written in PHP, so a PHP example would not be forthcoming
Click to expand...
Thank you.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello,

My understanding is that using PHP for that purpose isn't supported. Feel free to send an email to [email protected] if you'd like some additional feedback to this question from one of our Developers.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
T Cloudlinux API for setting php version? Developer Experience 5
jmginer SOLVED WHM PHP Handler configuration with API Developer Experience 1
N recommended cpanel/whm api library using PHP Developer Experience 2
000 how to control ErrorDocument from .htaccess when we use PHP cgi-fcgi ? Developer Experience 33
M unsecure Plugin LiveApi PHP Script shows source and PASSWORD Developer Experience 2
Similar threads
Cloudlinux API for setting php version?
SOLVED WHM PHP Handler configuration with API
recommended cpanel/whm api library using PHP
how to control ErrorDocument from .htaccess when we use PHP cgi-fcgi ?
unsecure Plugin LiveApi PHP Script shows source and PASSWORD
Top Bottom