#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

cPanel hacking | Breaking Cybersecurity News | The Hacker News

Category — cPanel hacking
Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released

Oct 06, 2013
WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as ' localhost ' on October 3rd, 2013 and also reported by several users on various Hosting related Forums . He also released a  proof-of-concept exploit code  for this SQL injection vulnerability in WHMCS. WHMCS says , as the updates have " critical security impacts .", enables attackers to execute SQL injection attacks against WHMCS deployments in order to extract or modify sensitive information from their databases i.e. Including information about existing accounts, their hashed passwords, which can result in the compromise of the administrator account. Yesterday a group of Palestinian hackers , named as KDMS Team  possibly used the same vulnerability against...
cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

cPanel and WHM Multiple Cross Site Scripting Vulnerabilities

Dec 27, 2012
cPanel is a Unix based  fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of  cPanel & WHM is 11.34, which is  v ulnerable  to multiple cross site scripting. During my bug hunting process, today I ( Christy Philip Mathew )  discovered some serious XSS v ulnerabilities in  official cPanel, WHM. It also impact on the  latest version of software. This week, Rafay Baloch (Pakistani white hat hacker) also discovered another reflective cross site scripting vulnerability in  cPanel at manage.html . The interesting part would be the whole demonstration I done with the Official cPanel Demo located at https://cpanel.net/demo/ location, can be accessed via demo user & password provided by cPanel website itself i.e.  https://demo.cpanel.net:2086/login/?user=demo&pass=demo These  vulnerabilit...
What Is Attack Surface Management?

What Is Attack Surface Management?

Feb 03, 2025Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...
Expert Insights / Articles Videos
Cybersecurity Resources