Full Disclosure mailing list archives

Re: Cpanel Admin login (username) Disclosure

From: h4cky0u <h4cky0u.org () gmail com>
Date: Wed, 8 Feb 2006 16:05:50 +0530

Yup i could reproduce that with all the sites i tried it on.

On 2/8/06, Sumit Siddharth <sumit.siddharth () gmail com> wrote:


Hi, could somebody kindly confirm this.
When a null username and a null password is provided in the cpanel
administration, port 2082, (basic authorization prompt) and then cancelling
the prompt the second time, the webpage presents a hyperlink to reset the
password which contains valid username for the cpanel administration.
Thanks
Sumit


--

Sumit Siddharth



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
http://www.h4cky0u.org
(In)Security at its best...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Cpanel Admin login (username) Disclosure Sumit Siddharth (Feb 07)
- Re: Cpanel Admin login (username) Disclosure h4cky0u (Feb 08)