|
-
March 21st, 2003, 12:38 PM
#1
Cpanel5
Well as some of you may know there is a remote exploit doing the rounds for cpanel5
sicne there is a new form for web security i thought it would fit right in here  . The bug lies in the guestbook and is easyily highjackable with a browser and there is proof of concept code been released but i will not post it or link to it i will give you an example of the webbrowser way to take advantage of it :NOTE i will change a few things in the URL so people wont go around copy pasteing it here is the example
.ww.victim.com/cgi-sys/guestbook.cgi?luser=meh&template=|id.|
now that is easily took advantage of and the proof of concept code spawns a bash shell
well i have been looking around http://www.cpanel.net
and to my msfortune couldnt find a link to a patch and i cant even provide a patch because i dont use cpanel5 and probably never will so my advice the now is to not let unotorized users acess cgi-sys
By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
The 20th century pharoes have the slaves demanding work
http://muaythaiscotland.com/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote