brpitbull

Registered
Jun 26, 2006
1
0
151
Here's something that will get the cpanel hits working ovetime !

If I list domains in my WHM and click on any domain that will bring up the domain correct ?

BUT if I then go to the latest visitors in that domain I will see a link like this:

Http Code: 200 Date: Jun 26 18:18:55 Http Version: HTTP/1.1 Size in Bytes: 18067
Referer: http://xxxxx.com:2086/scripts2/listaccts?skip=18&search=&searchtype=&acctp=30
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

I can then click on this link and list every domain on the server from the customers cpanel

Would you call this a security issue ?
 

HH-Steven

Well-Known Member
Aug 29, 2004
284
0
166
cPanel Access Level
Root Administrator
I think youll find that its showing the list because your still logged into WHM:

If I list domains in my WHM and click on any domain that will bring up the domain correct ?
Ive tried this myself and it does show the list if i go to the domains cpanel via WHM or login to the domains cpanel using the "resellers" password.

If i logout then try it, it asks for a login.