28May/111
cPanel < 11.25 CSRF – upload shell CRSF
Nice news:
cPanel versions below and excluding 11.25 , are vulnerable to CSRF which
leads to uploading a PHP script of the attackers liking. If you have turned
off security tokens and referrer security check, no matter what version you
are using, you are vulnerable as well.
Proof of concept (PoC)
[cc lang="html"]
[/cc]
Afterwards simply check for ninjashell.php in the directory.
Author: You can always email me ninjashellmail a|t gmail |c|om or follow me on twitter
@ninjashell1337
Disclaimer
Categories
- android (1)
- antivirus (1)
- backup (1)
- backup exec (2)
- bruteforce (6)
- conference (2)
- CRSF (2)
- DirectAdmin (1)
- DoS (11)
- enumeration (2)
- Fără categorie (2)
- flash (2)
- Fuzzer (2)
- games (1)
- hacking (116)
- how-to (32)
- Information gathering (2)
- lfi (3)
- linux (27)
- mobile (1)
- ms exchange (2)
- News (2)
- Phishing (1)
- php (1)
- rdp (1)
- rfi (5)
- rootkit (1)
- scripts (33)
- seo (1)
- sniff (3)
- social engineering (2)
- source code (33)
- sqli (16)
- ssh (2)
- symantec (3)
- tools (73)
- tutorials (20)
- tutorials (1)
- Uncategorized (7)
- vranger (1)
- windows (12)
- wireless (1)
- wsus (1)
- xpath (1)
- xsrf (1)
- xss (12)
Tags
backup
backup exec
bruteforce
debian
directadmin
DoS
download
exploit
hack
hacking
how-to
install
install windows 7
lfi
linux
pentest
perl
php
poc
python
rfi
scanner
script
scripts
secure code
Security
security scanner
share
shell
social engineering
source code
sqli
SQL injection
sqli scanners
ssh
tool
tools
tutorial
upload shell
vbulletin
Web Application Scanner
windows
windows 7 usb
wordpress
xss
