RVSiteBuilder – Content Disclosure (Root Access) (R911-0031)

Type: Content Disclosure (Root Access)
Impact: High
Product: RVSiteBuilder
Website: http://www.rvsitebuilder.com
Vulnerable Version: 5.0.31
Fixed Version: 5.0.33
CVE: -
R911: 0031
Date: 2013-06-24
By: http://www.rack911.com

Product Description:

RVSiteBuilder is browser-based sitebuilding software that installs directly into cPanel. Its easy-to-follow workflow, social media plugins, and robust content management features make it easy for even non-programmers to create, market, and maintain a high-end web presence.

Vulnerability Description:

A flaw in a certain RVSiteBuilder file that is accessible to resellers allows an attacker to read any file on the server, regardless of ownership, by using a hardlink to the target file.

Note: This flaw is allowed to exist because of a fundamental security failure within WHM, which executes all plugins as root.
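
A defensive check for the class of flaw described above, as an added example (not RVSiteBuilder's code or the vendor's patch, which this advisory does not describe): a privileged process validates a user-supplied path on the open descriptor before reading it. The names `open_owned_file`, `check` and `demo` and the sample file names are assumptions made for illustration.

```python
import os
import stat
import tempfile


def open_owned_file(path, expected_uid):
    """Open path read-only only if it is a regular, singly linked file owned
    by expected_uid. Checks use fstat() on the open descriptor, so the path
    cannot be swapped between the check and the read."""
    # O_NOFOLLOW rejects a final-component symlink; O_NONBLOCK avoids FIFO hangs.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError(f"{path}: owned by uid {st.st_uid}")
        if st.st_nlink != 1:
            # The inode has another name somewhere on this filesystem.
            raise PermissionError(f"{path}: {st.st_nlink} hard links")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def check(path, uid):
    try:
        open_owned_file(path, uid).close()
        return "opened"
    except OSError:
        return "rejected"


def demo():
    """Constructed sample files in a temp dir; returns the verdict per case."""
    me = os.geteuid()
    with tempfile.TemporaryDirectory() as d:
        page = os.path.join(d, "page.html")
        with open(page, "wb") as f:
            f.write(b"<h1>site</h1>")
        out = {"plain": check(page, me), "wrong_owner": check(page, me + 1)}
        os.link(page, page + ".alias")  # same inode, now st_nlink == 2
        out["hardlink"] = check(page + ".alias", me)
        out["original_after_link"] = check(page, me)
    return out


if __name__ == "__main__":
    print(demo())
```

Dropping to the account's own uid before opening is the stronger fix, since the kernel then enforces file permissions itself. On Linux, `fs.protected_hardlinks=1` additionally stops users from creating hardlinks to files they do not own and cannot already read and write.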

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.


We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be viewed regardless of ownership, including root files such as /etc/shadow.

Vulnerable Version:

This vulnerability was tested against RVSiteBuilder v5.0.31 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in RVSiteBuilder v5.0.33.

Vendor Contact Timeline:

2013-06-05: Vendor contacted via email.
2013-06-05: Vendor confirms vulnerability.
2013-06-17: Vendor issues update.
2013-06-24: Rack911 issues security advisory.