The Community Forums


WHM PHP access problem - vulnerability?

Discussion in 'General Discussion' started by Specks, Jul 7, 2004.

  1. Specks

    Specks Well-Known Member

    Joined:
    Jul 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    I'm programming a host manager for my site using the PHP library. I was testing the library, playing around with the functions, and a few things came up that concerned me.

    1. The "listpkgs" function not only lists my packages but everyone else's packages too.
    2. Why doesn't the PHP library have the same functionality as the Perl library does? There are a few functions missing.

    I don't need to see what other resellers are doing on my server. The fact that I can see them means that they can see me too. I don't want the other users/resellers to see what I'm doing, and I really don't care what they're doing. Not to mention that this is extra data to deal with. I can determine the number of individuals on the server I'm on and their usernames just by asking for this information through the library. This should be information that the host really doesn't want me to see. I think this is a vulnerability that needs to be addressed.
     
  2. networxhosting

    networxhosting Well-Known Member
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hamilton, Ontario, CANADA
    Things like this should be sent directly to security@cpanel.net and not posted publicly in a forum (for obvious reasons; it could give some unethical people some "ideas").

    - domer
     
  3. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    I am not sure how it rates as a vulnerability (but then again specks did put a question mark after the title).

    If you think it is a problem with the design of the cpanel package, I suggest that you create a bug report.
     
  4. Specks

    Specks Well-Known Member

    Joined:
    Jul 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    I think it rates as one, since half the battle of getting into a system is getting the user name. The user name is prepended to each package name to identify that package to the user. Don't chide me for exposing a possible vulnerability. cPanel should have thought this function through, and the way I see it, they didn't. I've seen worse vulnerabilities posted to this message board. Ones that would allow a user to gain control of a server that has cPanel installed unless they've closed it.
     
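The enumeration Specks describes above (package names carrying an owner prefix, so an unfiltered listing reveals every reseller's username) and the owner-scoped filter he is asking for, as an added illustration that is not code from the thread or from cPanel's PHP or Perl library. The `owner_packagename` format, the reseller names and the package names are all constructed for this example; the real library's output shape is not shown on the page.

```python
import re
from collections import defaultdict

# Constructed sample of what an unscoped listpkgs-style call might return on a
# shared server, following the post's description that the owning username is
# prepended to each package name.  Reseller and package names are invented.
SAMPLE_LISTPKGS = [
    "specks_basic",
    "specks_pro",
    "acme_starter",
    "acme_business",
    "acme_enterprise",
    "bobhost_shared",
]

# Assumed convention: lowercase alphanumeric username, underscore, package name.
PACKAGE_RE = re.compile(r"^(?P<owner>[a-z0-9]+)_(?P<name>.+)$")


def split_package(pkg):
    """Return (owner, name) for an 'owner_name' package, or (None, pkg) for a
    package with no username prefix (e.g. one created by root)."""
    m = PACKAGE_RE.match(pkg)
    if not m:
        return None, pkg
    return m.group("owner"), m.group("name")


def enumerate_owners(packages):
    """What the post complains about: from the unfiltered list a caller
    recovers every account name on the box and a package count per name."""
    owners = defaultdict(int)
    for pkg in packages:
        owner, _ = split_package(pkg)
        if owner is not None:
            owners[owner] += 1
    return dict(owners)


def own_packages(packages, me):
    """The scoping the post asks for: return only the packages whose owner
    prefix matches the calling reseller."""
    return [pkg for pkg in packages if split_package(pkg)[0] == me]


def foreign_usernames_leaked(packages, me):
    """Check for a response: the set of usernames other than 'me' it exposes.
    An empty set means the response is correctly scoped to the caller."""
    return set(enumerate_owners(packages)) - {me}


if __name__ == "__main__":
    print("all owners seen:", enumerate_owners(SAMPLE_LISTPKGS))
    print("scoped to specks:", own_packages(SAMPLE_LISTPKGS, "specks"))
    print("leaked by unscoped call:", foreign_usernames_leaked(SAMPLE_LISTPKGS, "specks"))
    print("leaked by scoped call:",
          foreign_usernames_leaked(own_packages(SAMPLE_LISTPKGS, "specks"), "specks"))
```

Running the check against the unscoped sample reports the two other resellers; running it against the scoped result reports nothing, which is the behaviour a reseller-facing listing should have.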
  5. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    I wasn't, but then again you probably weren't directing that at me :cool:

    I am still not sure (I haven't tested it) how you can get the information without a valid logon. If you have a valid logon, then there are certainly more mischievous things that can be done besides listing web user account names in a shared environment.

    No need to go round and round with this issue, I understand your point. I still think that filing a bug report is the best way to send a message to cpanel that you do not appreciate this "feature".
     
  6. Specks

    Specks Well-Known Member

    Joined:
    Jul 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    I went ahead and did what you (SarcNBit) and networxhosting had suggested. J. Nick Coston replied to me that my point was moot, so I'll shut up about it and wait till they get bitten in the arse on this issue.
     
  7. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Care to share the bug ID#?
     
  8. Specks

    Specks Well-Known Member

    Joined:
    Jul 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Sure, it's #846
     