Tweet
If you click on Show File in cPanel and the file contains either $user or $password, it will display your user name and password in place of the two variables. Apparently, the file is getting parsed for any variable names that correspond to those in the scope of the script, which are then replaced with the variables' values, prior to being sent to the user.
This is a minor issue, as you are not getting any information you do not already know, but if there are any variables in the Show File script that contain sensitive information, such as information that can could be used for privilege elevation, it would be explosed to everyone on a given server.
In addition, this demonstrates that cPanel stores user passwords in plain text, instead of MD5/SHA1 hashing them, which is a security issue in itself, as if someone were to hack into a server, he would be able to steal the passwords for every cPanel account on the server, which most likely correspond to passwords for accounts on other servers.
I discovered this today, as I happened to open one of my scripts in file manager and I noticed my username and password in the script, even though they are not in the script.
This is a minor issue, as you are not getting any information you do not already know, but if there are any variables in the Show File script that contain sensitive information, such as information that can could be used for privilege elevation, it would be explosed to everyone on a given server.
In addition, this demonstrates that cPanel stores user passwords in plain text, instead of MD5/SHA1 hashing them, which is a security issue in itself, as if someone were to hack into a server, he would be able to steal the passwords for every cPanel account on the server, which most likely correspond to passwords for accounts on other servers.
I discovered this today, as I happened to open one of my scripts in file manager and I noticed my username and password in the script, even though they are not in the script.
Comment