Reverse shell through email attachment called:
exploit.c.txt
disguised as:
explore.txt
DO NOT OPEN THESE ATTACHMENTS IN CPANEL's WEB MAIL!!!
http://forums.cpanel.net/f185/exploit-m ... 55625.html
RECENT CPANEL EXPLOIT
Moderator: Lixas
-
- Posts: 479
- Joined: Tue May 16, 2006 11:53 am
-
- Posts: 25
- Joined: Tue Jun 08, 2010 9:18 pm
-
- Posts: 479
- Joined: Tue May 16, 2006 11:53 am
Sorry For the little info I posted. I recently Noticed this posting on a exploit watch site.
AS i looked mroe into it the process of exploiting cpanel,xpanel and all other hosting control panels are all extreamly easy to exploit via email.
This is becuase cpanel and other rely on your email server to catch this. and cpanel will never have to deal with it.
How does this exploit work:
Cpanel's email clients use about 3 unknow simple cron jobs to handel emails to the clients( if used through cpanel).
When opening the file it exploits cpanels cron job and uses it to generate 40,000+ Useless cron jobs releated to outside site access. This will seriously drag your cpanel and most likley the server as well.
In many reported cases this exploit is server wide. and can cause reseller accounts to infect the admin and user accounts as well.
SO DONT OPEN!!
AS i looked mroe into it the process of exploiting cpanel,xpanel and all other hosting control panels are all extreamly easy to exploit via email.
This is becuase cpanel and other rely on your email server to catch this. and cpanel will never have to deal with it.
How does this exploit work:
Cpanel's email clients use about 3 unknow simple cron jobs to handel emails to the clients( if used through cpanel).
When opening the file it exploits cpanels cron job and uses it to generate 40,000+ Useless cron jobs releated to outside site access. This will seriously drag your cpanel and most likley the server as well.
In many reported cases this exploit is server wide. and can cause reseller accounts to infect the admin and user accounts as well.
SO DONT OPEN!!
Cpanel
Thanks for the warning, I usually dont read my cpanel mail but ill bare this in mind. Out of curioucity how did you come finding out about this exploit ?Freedom Fighter wrote:Sorry For the little info I posted. I recently Noticed this posting on a exploit watch site.
AS i looked mroe into it the process of exploiting cpanel,xpanel and all other hosting control panels are all extreamly easy to exploit via email.
This is becuase cpanel and other rely on your email server to catch this. and cpanel will never have to deal with it.
How does this exploit work:
Cpanel's email clients use about 3 unknow simple cron jobs to handel emails to the clients( if used through cpanel).
When opening the file it exploits cpanels cron job and uses it to generate 40,000+ Useless cron jobs releated to outside site access. This will seriously drag your cpanel and most likley the server as well.
In many reported cases this exploit is server wide. and can cause reseller accounts to infect the admin and user accounts as well.
SO DONT OPEN!!
.............................:: Spirit of Fire ::..................................
-
- Posts: 479
- Joined: Tue May 16, 2006 11:53 am
One thing I love to do is exploit codding. I now its a cheap thing to do but I stay in tune with that crowd for one reason... To protect my own a**.
There is no worry for this if you are using a mail client or forwarding your emails.
This exploit is only possible if you open the .txt attachment within squirlmail or via the cpanel in any way.