cPanel erredit.html Arbitrary File Access

2004-03-13T00:00:00
ID OSVDB:4216
Type osvdb
Reporter Sullo(sullo@cirt.net)
Modified 2004-03-13T00:00:00

Description

Vulnerability Description

cPanel contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the erredit.html script not properly validating the "dir" and "file" variables. If an attacker requests an arbitrary file under the right configuration, it will be displayed.

Technical Description

An attacker can only retrieve files in the user's directories with the user's permissions (like File Manager), however this allows file retrieval if the server admin has disabled file manager and command line access.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

cPanel contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the erredit.html script not properly validating the "dir" and "file" variables. If an attacker requests an arbitrary file under the right configuration, it will be displayed.

Manual Testing Notes

http://[victim]/frontend/x2/err/erredit.html?dir=/etc&file=shadow

References:

Other Advisory URL: http://www.cirt.net/advisories/cpanel_file.shtml