Zpanel 10.1.0 Remote Unauthenticated Code Execution

Posted by deepcore on October 21, 2015 – 11:41 am

This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« The First Rule Of Zero-Days Is No One Talks About Zero-Days [webapps] – Beckhoff CX9020 CPU Module – Remote Code Execution Exploit »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zpanel 10.1.0 Remote Unauthenticated Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL