Exploit para cPanel - Cortesía de Exploit-DB

martes, 31 de mayo de 2011

# Exploit Title: cPanel < 11.25 CSRF - Add php script
# Date: 27.05.2011
# Author: ninjashell
# Software Link:
# Version: 11.25 (see details below)
# Tested on: Linux
# CVE : N/A
Como prueba de concepto real, pueden utilizar una shell escrita en php, pueden descargarla de o bien utilizar la Shell disponible en backtrack.

I. Introduction
cPanel versions below and excluding 11.25 , are vulnerable to CSRF which leads to uploading a PHP script of the attackers liking. If you have turned off security tokens and referrer security check, no matter what version you are using, you are vulnerable as well.

II. Proof of concept (PoC)

Afterwards simply check for ninjashell.php in the directory.

III. Counter-measures
All cPanel versions starting from 11.25 and above have two in-built security features to prevent such attacks - security tokens and referrer security check. This means that if you are a cpanel client, you should update your software.

IV. About the author.
- Ethical hacker;
- Freelance security consultant/penetration tester;
- Security researcher in the spare time;
- Over 12 years of experience;
You can always email me or follow me on twitter



Con la tecnología de Blogger.