cPanel License Activation - Bypass with Redirect to phpMyAdmin
Konuyu gizlemeyecem , umarım üyelerimiz gizlememizi gerektirmeden gerekli teşekkürü ederler.
Konuyu gizlemeyecem , umarım üyelerimiz gizlememizi gerektirmeden gerekli teşekkürü ederler.
Kod:
#Title : cPanel License Activation - Bypass with Redirect to phpMyAdmin
#Author : DevilScreaM
#Date : 03 Desember 2014
#Vendor : http://cpanel.net
#Category : Web Applications
This bug for bypass cPanel License Activation
Example cPanel License Activation :
http://i62.tinypic.com/2rxz3g7.png
Bug on :
/3rdparty/phpMyAdmin/index.php
=======================================================================
#Manual POC :
1. Login to your cPanel Account
2. Copy Your Token, Example token : cpsess724866836
3. Go to URL :
http://127.0.0.1/2082/cpsess724866836/3rdparty/phpMyAdmin/index.php
4. Success Login to your phpMyAdmin
=======================================================================
#POC with Code :
<title>Bypass cPanel License Activation to phpMyAdmin</title>
<b>This Exploit only for Owner, You must login to your cPanel</b>
<form method='post'>Https or Http</br>
<input type='text' name='ht' value='http' size='20'></br>IP Server cPanel<br>
<input type='text' name='ip' size='20'></br>Port (2082 or 2083)</br>
<input type='text' name='port' size='20'></br>Token ( Example : cpsess79861185674)</br>
<input type='text' name='token' size='20'></br>
<input type='submit' name='submit' value='submit'></form>
Coded by <b>devilscream@newbie-security.or.id</b>
<?php
error_reporting(0);
$u = $_POST['ht'];
$ip = $_POST['ip'];
$port = $_POST['port'];
$token = $_POST['token'];
if(!isset($ip)){
}else{
$result = "".$u."://".$ip.":".$port."/".$token."/3rdparty/phpMyAdmin/index.php";
header("location: $result");
}
?>
