[Full-disclosure] Cpanel Admin login (username) Disclosure
h4cky0u.org at gmail.com
Wed Feb 8 10:35:50 GMT 2006
Yup, I could reproduce that with all the sites I tried it on.
On 2/8/06, Sumit Siddharth <sumit.siddharth at gmail.com> wrote:
> Hi, could somebody kindly confirm this?
> When a null username and a null password are provided in the cpanel
> administration, port 2082 (basic authorization prompt), and the prompt is
> then cancelled the second time, the webpage presents a hyperlink to reset the
> password which contains a valid username for the cpanel administration.
> Sumit Siddharth
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
(In)Security at its best...