lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 7 Mar 2006 16:48:31 -0000
From: Silversmith@...iyane.com
To: bugtraq@...urityfocus.com
Subject: Cpanel Path Disclosure Vulnerability


Cpanel hsa the vulnerability to discover the path of the files

exp:

loginto your cpanel account
goto fantastico
try to install one of the scripts ! exp: 4images
if the server set a permission on the /tmp , cpanel tmp files yuo should see this 

Warning: main(/home/userid/public_html/fantversion.php): failed to open stream: Permission denied in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: main(): Failed opening '/home/userid/public_html/fantversion.php' for inclusion (include_path='/usr/local/cpanel/3rdparty/lib/php/:.') in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: fopen(/home/cpanel/.fantasticodata/soholaunch.cache): failed to open stream: Permission denied in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 298


Ashiyane Digital Security Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ