cPanel has had a very large impact on the hosting industry. This single company has enabled people to build their dreams overnight with $5 — the American dream. cPanel’s largest offering to the industry has been the cPanel/WHM web-server management software. It’s actually pretty stellar software, and offers the systems administrator an abundance of tools to just get shit done on a large scale. The shared hosting market is huge — no, it’s colossal.
Shared hosting is essentially stuffing users onto one server, allowing them to share the server’s resources. I’ve seen cPanel servers with well over 1000 users. To an outside security researcher this would look like a rich opportunity to take one machine, with a very large reward. With cPanel, each customer could have more than one website hosted in their account (sharing the same IP), meaning that if even only a few accounts in the shared stack were somehow compromised, the amount of data that could be at risk is pretty scary.
So, how could someone compromise a shared cPanel server, or at least enumerate its users? Well, with Science, of course!