<<< Date Index >>>     <<< Thread Index >>>

Cpanel Path Disclosure Vulnerability



Cpanel hsa the vulnerability to discover the path of the files

exp:

loginto your cpanel account
goto fantastico
try to install one of the scripts ! exp: 4images
if the server set a permission on the /tmp , cpanel tmp files yuo should see 
this 

Warning: main(/home/userid/public_html/fantversion.php): failed to open stream: 
Permission denied in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on 
line 360

Warning: main(): Failed opening '/home/userid/public_html/fantversion.php' for 
inclusion (include_path='/usr/local/cpanel/3rdparty/lib/php/:.') in 
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360

Warning: fopen(/home/cpanel/.fantasticodata/soholaunch.cache): failed to open 
stream: Permission denied in 
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 298


Ashiyane Digital Security Team