Old 08-30-2006, 07:24 PM   #1
Daemon Poster
mayorredbeard's Avatar
Join Date: Nov 2004
Posts: 1,246
Unhappy CPanel exploit?

I was bored, and decided to put /cPanel after the URL of a lot of websites. For many of them, that brings up a control panel login, from which you can pretty much do as you please with the site.

Surprisingly, a lot of sites use this tool, and very easily I was able to bring up the login screen without any preliminary screening. I would think that sites (especially the sites that contained sensitive information such as SSNs, credit card numbers, etc.) would do something to prevent me from even accessing the cPanel login screen, such as an IP filter, or some kind of extra layer of security. Of the 20 websites (all either ecommerce sites from which sensitive information could be obtained) I tested (I won't disclose the URLs so people with malicious intent don't do anything stupid), 15 of them I was able to easily access the cPanel page.

Anyone who's ever run a website knows that there is a default login to most administration tools. Very common usernames and passwords. Right now I can think of about 10 different common usernames and about 5 common passwords. By simply trying combinations of both (I was bored, shut up, this is what I do with my free time :-D) I was able to get administrative access to 5 of the sites.

Is this just dumb luck on my part, or does this pose a security threat? I mean, lots of people buy things online, and if I wanted to I could have either set up a fake site on the domain so certain information would be sent to my inbox when a client submitted an order, or some other evil thing to obtain sensitive information.

I've never really tried hacking before (if you can call it that), but this just seems too simple. This post is both a warning to people who have not changed their default cPanel login, and a shocking story that should reveal to all of us that buying things on the internet is not as safe as it may seem.

EDIT: Every site that I was able to get administrative access to, I informed the owner of the website of what I did (anonymously of course :-P), and told them they should change their password.

Karma/rep is always appreciated
0101001001100101011001000110001001100101011000010111001001100100

There are only 10 kinds of people in this world. Those who can read binary, and those who can't.
mayorredbeard is offline   Reply With Quote
Old 09-03-2006, 03:47 PM   #2
The Candy Man
~mr mixx~'s Avatar
Join Date: Jun 2004
Location: USA
Posts: 10,761
Default Re: CPanel exploit?

I don't think you're on to anything big here; I tried that with 5 different sites and just got a 404 error.

" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 09-03-2006, 09:43 PM   #3
Baseband Member
Join Date: Oct 2005
Posts: 53
Default Re: CPanel exploit?

He did find something, it's just that it is pretty well known. You can find literally thousands of sites using inurl: in Google that have this exploit.

And just for the record, that was hacking. Gratz.
band-aid is offline   Reply With Quote
Old 09-03-2006, 10:45 PM   #4
Deathstar's Avatar
Join Date: Mar 2006
Posts: 756
Default Re: CPanel exploit?

I'd laugh if they had IP loggers running and the FBI are on their way.
Deathstar is offline   Reply With Quote
Old 09-06-2006, 12:51 AM   #5
Baseband Member
Join Date: Jul 2006
Posts: 75
Default Re: CPanel exploit?

Well, IP filtering on a CPanel is a bit of overkill, mainly because if you want to log in from any random location, you would have to use some type of Dynamic DNS solution. The authentication process alone should be enough to protect the administrative side of your site, with a decent password. Anyone who leaves their password as the default is just asking for trouble. This isn't really an "exploit" as it isn't due to a defect in the code, it's more of an ID-10-T error :-D Furthermore, I'm calling BS on the fact that you "randomly" accessed 5 CPanel logins with well-known user name and password combinations, mainly because any host that makes you a CPanel account applies the permissions to your user name and password with their services, and it is very doubtful that a user-chosen password is a CPanel default password. At rates of ~$1500 a month or some crazy amount like that, it's unlikely that a home user would be running a default CPanel config. Also the odds of you hitting 5 sites with this weakness are pretty preposterous. Either way, it should remind you that no matter how mundane the access seems to you, it should always be protected with a "strong" password.
http://www.ubermafia.com -- Welcome to the Ubermafia

Web hosting -- http://www.edthosting.com
hypetech is offline   Reply With Quote
Old 09-20-2006, 06:35 PM   #6
Daemon Poster
RewtGuy's Avatar
Join Date: Dec 2004
Posts: 595
Default Re: CPanel exploit?

You'd be surprised at how many have smile default guessable passwords. Sure it's hacking, you're getting something to do what it wasn't meant to.

The rates aren't near 1500 a month. 1225 for a lifetime license. Also provided free to educational groups. Also, I bet you could get it off a torrent.

Hypetech: You're right though, security through obscurity isn't security at all. A strong password for sensitive data is a must!

Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
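
Added example, not part of any post in this thread: a site owner's log check for the guessing pattern the first post describes, flagging source IPs that fail the control panel login under several distinct usernames in a short window and noting any login that succeeds afterwards. The log layout, sample lines, function names and thresholds are constructed for illustration and are not cPanel's own log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp ip username result" layout;
# this is not cPanel's real log format.
SAMPLE_LOG = """\
2006-08-30T19:01:02 203.0.113.7 admin FAIL
2006-08-30T19:01:09 203.0.113.7 root FAIL
2006-08-30T19:01:15 203.0.113.7 webmaster FAIL
2006-08-30T19:01:21 203.0.113.7 administrator FAIL
2006-08-30T19:01:30 203.0.113.7 admin OK
2006-08-30T19:05:00 198.51.100.20 shopowner FAIL
2006-08-30T19:05:12 198.51.100.20 shopowner OK
2006-08-30T23:40:00 192.0.2.44 admin FAIL
2006-08-31T09:10:00 192.0.2.44 root FAIL
malformed line that should be skipped
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (\S+) (\S+) (OK|FAIL)$")

def parse(log_text):
    """Yield (time, ip, user, ok) tuples, skipping lines that do not match."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4) == "OK"

def find_guessing(log_text, min_users=3, window=timedelta(minutes=10)):
    """Return {ip: report} for IPs failing under >= min_users usernames in one window."""
    fails, successes = defaultdict(list), defaultdict(list)  # ip -> [(time, user)]
    for ts, ip, user, ok in parse(log_text):
        (successes if ok else fails)[ip].append((ts, user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [(t, u) for t, u in events[i:] if t - start <= window]
            users = {u for _, u in in_window}
            if len(users) >= min_users:
                end = in_window[-1][0]
                # A success after the burst means that account needs a password reset.
                hit = sorted({u for t, u in successes.get(ip, []) if t >= end})
                findings[ip] = {"usernames": sorted(users), "login_after_burst": hit}
                break
    return findings
```

A single owner mistyping one password (the `198.51.100.20` lines) stays below the distinct-username threshold, so only the multi-username burst is reported.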
