Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

cpanelInject.txt

๐Ÿ—“๏ธย 10 Jun 2004ย 00:00:00Reported byย verb0sTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 13ย Views

Major bug found in cPanel allows password injection for reseller accounts. Update cPanel immediately.

Show more
Code
`  
  
Major Bug found 6/7/04  
  
Discovered by Verb0s   
  
Reseller accounts with cpanel, in the password modification page, can insert a basic injection ex:http://(domain):2086/scripts/passwd?password=<>&domain=<>&user=<>  
  
The code will modify all the mysql database passwords, in which the reseller shouldnb't have permissions. From there, someone could take over someones site that may be sql based, on the same server as them.   
  
How to fix the problem:  
  
After my immediate contact with cpanel. they updated and fixed all permission problems : 6/8/04  
  
Update your Cpanel ASAP  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Jun 2004 00:00Current
7.4High risk
Vulners AI Score7.4
exploit bug password injection cpanel reseller accounts mysql permissions
13
.json
Report