Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

eForum 0.4 XSS

[SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting

Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125

From:	xx_hack_xx_2004_(at)_hotmail.com <xx_hack_xx_2004_(at)_hotmail.com>
Date:	18.03.2008
Subject:	cPanel 11.x => List Directories and Folders

Hello,,

I Discovered a new bug in cPanel to show the directions (Folders Only) on the server

in Disk Usage part

for example, I tried to see the folders in /etc

and it worked !

that would show you a list of directions of folders

and that including programes on the server, this could be dangerous !

the attacker may use the exploit to see programes on the server and find bugs for them

also you may see the directions of backups in the server

also you have the permission to see the folders in other websites on the server which is been
protected by firewall


tested on / cPanel version 11.18.3

to see more information & Exploits for this bug /

http://www.lezr.com/exploits/id/156

Discovered by Linux_Drox

Best Regards,,

L-G-H TEAM

LeZr.Com Group : The Arab Center For Pirates
www.LeZr.Com