|
Full Disclosure
mailing list archives
Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.
From: "Zackarin Smitz" <zackerius12 () linuxmail org>
Date: Mon, 06 Jun 2005 13:59:54 +0800
Subject:
Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.
Severity:
High; This vulnerability allows an attacker to modify DNS information for a client's domain.
Preamble:
(Taken from http://www.lpanel.net/)
Lpanel is a Complete Web Hosting Billing & Automation Suite that installs over cPanel, WHM.
Created from the ground up from cPanel by web hosting administrators, Lpanel has everything a cPanel hosting business
needs and will ever need. Constantly expanding to meet the quickly developing web hosting market, Lpanel is the only
complete management solution available today for cPanel web hosts. From multi-staff tiers, automated signups, reseller
management, network utilities, automated SSL, as well as a full array of Added Services and detailed efficiency
reports - Lpanel is always steps ahead of the rest.
Problem:
The editdomain GET variable of domains.php (i.e.
http://yourdomain.com/lpanel/help/domains.php?editdomain=someotherdomain.com) is not authenticated in anyway against
the currently logged in user. As such, an attacker with a user account on the system can replace the domain specified
by the editdomain variable with another domain maintained by the system, and gain access to the editing of that
domain's details, and the modification of them.
Workaround:
This bug can be fixed by checking that the currently logged in user owns the domain specified by the editdomain GET
variable.
Vendor Contact:
Lpanel.NET's Lpanel
URL: http://www.lpanel.net/
Email: sales () lpanel net (I was unable to find a more relevant email contact)
Mailing Address:
Lpanel.NET
PO Box 940876
Miami, Florida 33194-0056
United States
Phone: 614-441-4838
Disclosure Timeline:
Vendor Notified: June 6, 2005
Public Release: June 6, 2005
About the Author:
The author is in between life paths at the moment, but is currently a software engineer at a company to remain unnamed.
When not at his computer, the author enjoys doing a great many things, most of which he has lost all time for, or lacks
people to do those things with in his current lifestyle. As such he finds more time for work, or just visits
Blockbuster, and when all else fails, fabricates reports such as this.
The author is posting this message anonymously in order to avoid potential legal consequences, although he is having
trouble seeing any potential consequences as feasible, considering the vendor does not release a plain-text version of
their license (the license is actually encoded, and when viewed, renders a PHP parse error).
Greets:
I'd like to say hi to the team with which I work; you're all great. I'd also like to say hello to swoolley and
tautology.
--
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access. Zackarin Smitz (Jun 05)
|
Intro
