cPanel bwday.html View Unauthorized Domain Statistics

2004-04-14T09:39:00
ID OSVDB:6942
Type osvdb
Reporter Luis Fernando
Modified 2004-04-14T09:39:00

Description

Vulnerability Description

cPanel contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a specially crafted URL is sent to the "detailbw.html" page, which discloses private information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/frontend/x/stats/detailbw.html?mon=Apr&year=2004&domain=[SOME_OTHER_USER_DOMAIN]&target=[SOME_OTHER_USER_LOGIN]

References:

Vendor URL: http://www.cpanel.net/
Related OSVDB ID: 6943
Related OSVDB ID: 6941
Other Advisory URL: http://bugzilla.cpanel.net/show_bug.cgi?id=306