Cpanel Path Disclosure Vulnerability
Cpanel hsa the vulnerability to discover the path of the files
exp:
loginto your cpanel account
goto fantastico
try to install one of the scripts ! exp: 4images
if the server set a permission on the /tmp , cpanel tmp files yuo should see
this
Warning: main(/home/userid/public_html/fantversion.php): failed to open stream:
Permission denied in /tmp/cpanel_phpengine.1141746169.139471667.34290848584 on
line 360
Warning: main(): Failed opening '/home/userid/public_html/fantversion.php' for
inclusion (include_path='/usr/local/cpanel/3rdparty/lib/php/:.') in
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 360
Warning: fopen(/home/cpanel/.fantasticodata/soholaunch.cache): failed to open
stream: Permission denied in
/tmp/cpanel_phpengine.1141746169.139471667.34290848584 on line 298
Ashiyane Digital Security Team