97ece9d27b
11 changes to exploits/shellcodes Employee Management System 1.0 - Cross Site Scripting (Stored) Employee Management System 1.0 - Authentication Bypass Alumni Management System 1.0 - Authentication Bypass Company Visitor Management System (CVMS) 1.0 - Authentication Bypass Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated) aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated) Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated) Hotel Management System 1.0 - Remote Code Execution (Authenticated) Seat Reservation System 1.0 - Unauthenticated SQL Injection CS-Cart 1.3.3 - 'classes_dir' LFI CS-Cart 1.3.3 - authenticated RCE
23 lines
No EOL
787 B
Text
23 lines
No EOL
787 B
Text
# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]
|
|
# Google Dork: []
|
|
# Date: [04.05.2020]
|
|
# Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]
|
|
# Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)
|
|
# Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)
|
|
# Version: [6.6.6] (REQUIRED)
|
|
# Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]
|
|
# CVE : [CVE-2020-14421]
|
|
|
|
if you are logged was admin;
|
|
|
|
1- go to the crontab
|
|
|
|
2- select shell script and paste your reverse shell code
|
|
|
|
3- click execute button and you are now root.
|
|
|
|
because crontab.py running with root privileges.
|
|
|
|
Remote Code Execution
|
|
|
|
https://github.com/jenaye/aapanel |