Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Major Cpanel Expliot HTML Injection
From: Virtual Nova Web Hosting services virtualnova.net <verb0s () virtualnova net>
Date: 9 Jun 2004 04:04:51 -0000


Major Bug found 6/7/04

Discovered by Verb0s 

Reseller accounts with cpanel, in the password modification page, can insert a basic injection 
ex:http://(domain):2086/scripts/passwd?password=<>&domain=<>&user=<>

The code will modify all the mysql database passwords, in which the reseller shouldnb't have permissions. From there, 
someone could take over someones site that may be sql based, on the same server as them. 

How to fix the problem:

After my immediate contact with cpanel. they updated and fixed all permission problems : 6/8/04

Update your Cpanel ASAP

  By Date           By Thread  

Current thread:
  • Major Cpanel Expliot HTML Injection Virtual Nova Web Hosting services virtualnova . net (Jun 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]