Xatrix Security

cPanel File Manager vulnerability

Posted by: Nikola Strahija on February 28, 2006

A vulnerability has been discovered in the File Manager feature of the popular cPanel web hosting system. Presumably, any file hosted on a cPanel server that has the File Manager editor can be edited without any authorization.
The problem lies in the WysiwygPro editor included in the cPanel File Manager. As reported by cPanel staff, a fix for this vulnerability is being tested in the EDGE version of cPanel.

I tried to disable the file manager by doing the following:
WHM > "Packages" > "Feature Manager" > Default list Edit > Untick File Manager > Save (then restarted cPanel: /etc/init.d/cpanel restart)

The File Manager was still accessible (via its known URL) and enabled, although it wasn't shown in the cPanel home.

Workaround
Running "chmod 000 /usr/local/cpanel/3rdparty/WysiwygPro" disables the WysiwygPro editor.
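
A reversible form of the workaround above, with a check that it is still in place. This is an added example, not part of the original article or of cPanel: the directory path is the one given in the article, the WP_STATE file is a hypothetical location chosen here, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: reversible form of the chmod 000 workaround.
# WP_DIR is the path given in the article; WP_STATE is a hypothetical
# file (assumption) used to remember the original mode for later restore.
WP_DIR="${WP_DIR:-/usr/local/cpanel/3rdparty/WysiwygPro}"
WP_STATE="${WP_STATE:-/root/.wysiwygpro.mode}"

# Print the octal permission bits of the editor directory (GNU stat).
wp_mode() {
    stat -c '%a' "$WP_DIR"
}

# Succeed only if the directory exists and has no permission bits set.
wp_is_locked() {
    [ -d "$WP_DIR" ] && [ "$(wp_mode)" = "0" ]
}

# Apply the workaround, saving the previous mode once so it is not
# overwritten with "0" if the function is run a second time.
wp_lock() {
    [ -d "$WP_DIR" ] || { echo "missing: $WP_DIR" >&2; return 2; }
    if ! wp_is_locked; then
        wp_mode > "$WP_STATE" || return 1
        chmod 000 "$WP_DIR" || return 1
    fi
    wp_is_locked
}

# Restore the saved mode, e.g. after a fixed cPanel build is installed.
wp_unlock() {
    [ -s "$WP_STATE" ] || { echo "no saved mode in $WP_STATE" >&2; return 2; }
    chmod "$(cat "$WP_STATE")" "$WP_DIR" && rm -f "$WP_STATE"
}
```

Calling wp_is_locked from a periodic job shows whether the directory mode has been changed back since the workaround was applied.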
