cPanel File Manager vulnerability

by Nikola Strahija on February 28th, 2006

A vulnerability was discovered in the File Manager feature of the popular cPanel web hosting system. Presumably, any file hosted on a cPanel server with the File Manager editor can be edited without any authorization.


The problem lies in the WysiwygPro Editor included in the cPanel File Manager. As reported by cPanel staff, a fix for this vulnerability is being tested in the EDGE version of cPanel.

I tried to disable the file manager by doing the following:
WHM > "Packages" > "Feature Manager" > Default list Edit > Untick File Manager > Save (then restarted cPanel /etc/init.d/cpanel restart)

The File Manager was still accessible (via its known URL) and enabled, although it wasn't shown in the cPanel home.

Workaround
By running: "chmod 000 /usr/local/cpanel/3rdparty/WysiwygPro" the WysiwygPro editor is disabled.

