cPanel Could Be Hacked Worldwide
[UPDATE: It seems that Clubhostcity.com Forums has now removed the post that I previously quoted here (see below), the post where they claim to have hacked cPanel.]
Posted: Admin @ Sat Feb 25, 2006 2:15 pm
There is no more “File Manager” on any web hosting accounts and that includes both PAID and FREE web hosting accounts !!!!!
Last week, a bug was discovered in the File Manager system that prevented anyone from creating new folders, which is little more than an annoyance and nothing more.
Meanwhile, the bug in the new Cpanel version and their delay in getting out a fix for the problem caused us to do our own research into the issue to see if we could fix it ourselves.
Instead of finding a problem to the file creation bug, we instead accidentally discovered a massively enormous security problem with the file manager! We discovered a way to edit any files, on any web hosting account, at any service provider running Cpanel WITHOUT THE NEED TO LOGIN TO THE ACCOUNT !!!!!
Basically in a nutshell, we have discovered a way to hack every single Cpanel hosting account on the planet since everyone has the file manager feature enabled on their hosting services !!!!!
Based on this new discovery and coupled with the other unrelated bug, we are discontinuing support for the FILE MANAGER feature at Clubhost City for security reasons.