Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11725
HistoryMar 07, 2006 - 12:00 a.m.

Cpanel Path Disclosure Vulnerability

2006-03-0700:00:00
vulners.com
8
JSON

Cpanel hsa the vulnerability to discover the path of the files

exp:

loginto your cpanel account
goto fantastico
try to install one of the scripts ! exp: 4images
if the server set a permission on the /tmp , cpanel tmp files yuo should see this

Warning: main(/home/userid/public_html/fantversion.php): failed to open stream: Permission denied in
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: main(): Failed opening '/home/userid/public_html/fantversion.php' for inclusion
(include_path='/usr/local/cpanel/3rdparty/lib/php/:.') in
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: fopen(/home/cpanel/.fantasticodata/soholaunch.cache): failed to open stream: Permission denied in
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 298

Ashiyane Digital Security Team

JSON