yeah you can say
that..
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Soi, Dhruv
Sent: Wednesday, February 08, 2006 5:22 PM
To: [email protected]
Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
coool!
so most of the servers with remote management on Cpanel are on
big threat!
-D
-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Rahul Baweja
Sent: 09 February 2006 05:17
To: [email protected]
Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Rahul Baweja
Sent: 09 February 2006 05:17
To: [email protected]
Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
Basically if you have a\given an email ID in the admin it would send a link to reset the password on that ID.....and yes it does show a valid username ...old password is not required to reset ..
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Soi, Dhruv
Sent: Wednesday, February 08, 2006 5:11 PM
To: [email protected]
Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosuredoes it allow you to reset the password without asking the old password? or its just showing your the valid username and you need the old password to reset it?-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Rahul Baweja
Sent: 09 February 2006 04:59
To: [email protected]
Subject: RE: [linuxtechbiz] Cpanel Admin login (username) DisclosureHi Dhruv...same here ... even I could do that..Rahul
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Soi, Dhruv
Sent: Wednesday, February 08, 2006 4:18 PM
To: [email protected]
Subject: [linuxtechbiz] Cpanel Admin login (username) DisclosureWould anyone from group like to try this and confirm back to us?-DSubject: Re: [Full-disclosure] Cpanel Admin login (username) DisclosureYup i could reproduce that with all the sites i tried it on.
On 2/8/06, Sumit Siddharth <[EMAIL PROTECTED]> wrote:Hi, could somebody kindly confirm this.
When a null username and a null password is provided in the cpanel administration, port 2082, (basic authorization prompt) and then cancelling the prompt the second time, the webpage presents a hyperlink to reset the password which contains valid username for the cpanel administration.
Thanks
Sumit
--
Sumit Siddharth
SPONSORED LINKS
| Computer security | Communication and networking | Computer memory |
| Computer training |
YAHOO! GROUPS LINKS
- Visit your group "linuxtechbiz" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
