Script : Cpanel 11.x
Type : Local File Inclusion & Cross Site Scripting
Risk : High
Discovered by : Khashayar Fereidani
**** I am 17 Years Old****
My Official Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
Local File Inclusion Vulnerability :
Note : Rename your shell to config.php and upload with your ftp account in ./ directory … , now
login in cpanel and
enter vulnerable address in url …
Cross site scripting :
File Address :
frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4
Set Action as Upgrade%20to%201.7.4
Vulnerable Variables :
$localapp
$updatedir
$scriptpath_show
$domain_show
$thispage
$thisapp
$currentversion
Tnx : God
HTTP://IRCRASH.COM HTTP://FEREIDANI.IR