Nice news:

cPanel versions below, and excluding, 11.25 are vulnerable to CSRF, which
leads to the upload of a PHP script of the attacker's choosing. If you have
turned off security tokens and the referrer security check, you are vulnerable
as well, no matter what version you are using.
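The two protections named above, modelled as an added example (this is not cPanel's implementation and not part of the original post). It shows a forged cross-site POST being rejected while either check is on and accepted only when both are off. The request fields, function names, host and token are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

def same_origin(referer, host):
    """True only when the Referer header names the panel's own host:port."""
    if not referer:
        return False  # a blank referrer is treated as unsafe
    return urlsplit(referer).netloc.lower() == host.lower()

def allow_request(req, session_token, *, tokens_on=True, referrer_on=True):
    """Decide whether a state-changing request may proceed.

    req is a dict with hypothetical keys: method, host, referer, token.
    """
    if req["method"] not in ("POST", "PUT", "DELETE"):
        return True  # only state-changing methods are gated here
    if tokens_on:
        supplied = (req.get("token") or "").encode()
        # Constant-time comparison against the per-session secret.
        if not hmac.compare_digest(supplied, session_token.encode()):
            return False
    if referrer_on and not same_origin(req.get("referer"), req["host"]):
        return False
    return True

# Constructed sample data (not taken from the advisory).
SESSION_TOKEN = secrets.token_hex(16)
HOST = "panel.example.test:2083"
LEGIT = {"method": "POST", "host": HOST,
         "referer": f"https://{HOST}/files", "token": SESSION_TOKEN}
# A cross-site form post: the browser sends the victim's cookies, but the
# attacker's page cannot know the token and the Referer names another origin.
FORGED = {"method": "POST", "host": HOST,
          "referer": "https://other.example.test/page.html", "token": None}

def forged_outcomes():
    """Map (tokens_on, referrer_on) to whether the forged request gets through."""
    return {(t, r): allow_request(FORGED, SESSION_TOKEN, tokens_on=t, referrer_on=r)
            for t in (True, False) for r in (True, False)}

if __name__ == "__main__":
    for (t, r), allowed in forged_outcomes().items():
        print(f"tokens={t!s:5} referrer={r!s:5} forged allowed: {allowed}")
```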

Proof of concept (PoC)

[cc lang="html"]
value="">
[/cc]

Afterwards simply check for ninjashell.php in the directory.

Source

Author: You can always email me ninjashellmail a|t gmail |c|om or follow me on Twitter
@ninjashell1337