SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Generic)  >  cPanel
Vendors:  cPanel, Inc.
cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
SecurityTracker Alert ID:  1010398
SecurityTracker URL:  http://securitytracker.com/id?1010398
CVE Reference:  GENERIC-MAP-NOMATCH (no matching CVE identifier)
Date:  Jun 4 2004
Impact:  Denial of service via network, Modification of user information
Exploit Included:  Yes  
Description:  A vulnerability was reported in cPanel. A remote authenticated administrator (a WHM reseller) can delete the DNS information of customer accounts that belong to other resellers.

qbann targ reported that a remote authenticated administrator can invoke '/scripts/killacct' to delete the DNS information of customer accounts that are not the administrator's own. The script reportedly does not check that the account named in the request is owned by the requesting administrator, so an authenticated request to the WHM interface (port 2086) of the following form, with another reseller's customer domain and username filled in, removes that account's name server entries:

:2086/scripts/killacct?domain=(domain)&user=(user)&submit-domain=Terminate

The report credits verb0s with discovering this flaw.

Impact:  A remote authenticated administrator can delete the DNS information of customer accounts owned by other administrators, so the affected sites no longer resolve.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.cpanel.net/
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  qbann targ <web@atomicrealms.com>
Message History:   None.
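The access control gap behind this report, as an added example that is not cPanel code and not from the reporter: a small Python model of a WHM-style 'killacct' handler. The account table, the request log lines and every name in it (Account, Server, killacct_vulnerable, killacct_fixed, find_cross_reseller_kills, the reseller and domain names, the "<requester> <path>" log format) are constructed for illustration and are not cPanel identifiers or cPanel's log format. The vulnerable handler acts on the domain/user parameters without consulting who sent the request, as the report describes; the fixed handler resolves the target from the username and refuses unless the requester owns that account or is root. The audit function goes beyond the report by applying the same ownership rule to past requests.

```python
# Added example (not cPanel code): model of the /scripts/killacct
# authorization gap and the ownership check that closes it. All names
# and data are constructed for illustration.
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


class Forbidden(Exception):
    """Raised when a reseller targets an account it does not own."""


@dataclass
class Account:
    user: str
    domain: str
    owner: str  # reseller that created the account; "root" for server-level ones


@dataclass
class Server:
    accounts: dict = field(default_factory=dict)  # user -> Account
    zones: dict = field(default_factory=dict)     # domain -> DNS records


def constructed_server():
    """Two resellers with one customer each (constructed data)."""
    s = Server()
    s.accounts["alice"] = Account("alice", "alice-example.test", owner="reseller1")
    s.accounts["bob"] = Account("bob", "bob-example.test", owner="reseller2")
    s.zones["alice-example.test"] = ["@ A 192.0.2.10", "www CNAME @"]
    s.zones["bob-example.test"] = ["@ A 192.0.2.20", "www CNAME @"]
    return s


def parse_killacct_request(url):
    """Extract domain and user from a request shaped like the one reported:
    .../scripts/killacct?domain=...&user=...&submit-domain=Terminate"""
    q = parse_qs(urlsplit(url).query)
    return q.get("domain", [""])[0], q.get("user", [""])[0]


def killacct_vulnerable(server, requester, url):
    """Reported behaviour: parameters are acted on without checking who owns
    the account, so any authenticated reseller can remove any zone.
    Only the DNS data is removed, matching what the report describes."""
    domain, _user = parse_killacct_request(url)  # requester is never consulted
    server.zones.pop(domain, None)
    return domain not in server.zones


def killacct_fixed(server, requester, url):
    """Same endpoint with an authorization step: look the target up by
    username, require the requester to own it (or be root), and reject a
    domain parameter that does not match the record instead of trusting it."""
    domain, user = parse_killacct_request(url)
    acct = server.accounts.get(user)
    if acct is None:
        raise KeyError(f"no such account: {user!r}")
    if requester != "root" and acct.owner != requester:
        raise Forbidden(f"{requester} does not own account {user}")
    if acct.domain != domain:
        raise ValueError(f"domain {domain!r} does not belong to {user}")
    server.zones.pop(acct.domain, None)
    del server.accounts[user]
    return True


# Constructed "<requester> <request-path>" lines; not cPanel's access_log format.
CONSTRUCTED_LOG = [
    "reseller1 /scripts/killacct?domain=alice-example.test&user=alice&submit-domain=Terminate",
    "reseller1 /scripts/killacct?domain=bob-example.test&user=bob&submit-domain=Terminate",
    "reseller2 /scripts/listaccts",
    "root /scripts/killacct?domain=bob-example.test&user=bob&submit-domain=Terminate",
]


def find_cross_reseller_kills(server, log_lines):
    """Apply the ownership rule retrospectively: return (requester, user) pairs
    where a non-root requester terminated an account it did not own."""
    hits = []
    for line in log_lines:
        who, _, path = line.partition(" ")
        if "/scripts/killacct" not in path:
            continue
        _domain, user = parse_killacct_request(path)
        acct = server.accounts.get(user)
        if acct is not None and who != "root" and acct.owner != who:
            hits.append((who, user))
    return hits


def run_demo():
    """reseller1 terminates reseller2's customer against both handlers, then the log audit."""
    url = ("http://whm.example.test:2086/scripts/killacct"
           "?domain=bob-example.test&user=bob&submit-domain=Terminate")
    results = {}
    s = constructed_server()
    results["vulnerable_deleted_zone"] = killacct_vulnerable(s, "reseller1", url)
    s = constructed_server()
    try:
        killacct_fixed(s, "reseller1", url)
        results["fixed_refused"] = False
    except Forbidden:
        results["fixed_refused"] = True
    results["zone_still_present"] = "bob-example.test" in s.zones
    results["owner_can_terminate"] = killacct_fixed(s, "reseller2", url)
    results["audit_hits"] = find_cross_reseller_kills(constructed_server(), CONSTRUCTED_LOG)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of keying the check on the username rather than the domain is that the ownership record is attached to the account; a handler that only validated the domain against the reseller's list would still be fooled by a mismatched domain/user pair, which is why the fixed version also rejects a domain that does not belong to the named account.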


 Source Message Contents

Date:  4 Jun 2004 03:46:18 -0000
From:  qbann targ <web@atomicrealms.com>
Subject:  CPANEL Vuln : HTML injection

 



cPanel resellers can just use an exploit in
/scripts/killacct to delete one of my other customers' accounts (only the
DNS info) not owned by him. All he had to do was create a fake account, then
delete it, look at the source code and view his cookies, and he
discovered :2086/scripts/killacct?domain=(domain)&user=(user)&submit-domain=Terminate.
He ran it in his WHM with another of my customers' domain
and username and it deleted his name server entries. And of course his site
won't show up anymore because of the DNS info being deleted. This would
seem like a pretty serious error, correct me if I am wrong, but I think this
issue should be addressed.

Discovered by : verb0s 

 



Copyright 2004, SecurityGlobal.net LLC