https://www.exploit-db.com/exploits/23804
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-051

cPanel9.1.0build34以及之前包括8.x的版本中”允许cPanel用户通过邮件重置密码”的功能存在漏洞。远程攻击者借助resetpass的user参数执行任意代码。

source: http://www.securityfocus.com/bid/9848/info

A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords.

An attacker may exploit this problem by crafting a malicious URI request for the affected script; the attacker may then supply shell metacharacters and arbitrary commands as a value for the affected variable.

http://www.example.com:2082/resetpass/?user=|">ls"|

来源:US-CERTVulnerabilityNote:VU#831534
名称:VU#831534
链接:http://www.kb.cert.org/vuls/id/831534
来源:XF
名称:cpanel-resetpass-execute-commands(15443)
链接:http://xforce.iss.net/xforce/xfdb/15443
来源:BID
名称:9848
链接:http://www.securityfocus.com/bid/9848
来源:BUGTRAQ
名称:20040311Cpanel8.*.*haveaproblem?
链接:http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0
来源:SECUNIA
名称:11111
链接:http://secunia.com/advisories/11111
来源:BUGTRAQ
名称:20040311cPanelSecuirtyAdvisoryCPANEL-2004:01-01
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107904890724201&w;=2