aaPanel 6.6.6 – Privilege Escalation & Remote Code Execution (Authenticated)

• Exploit Database
• 19 阅读

• 作者： Ünsal Furkan Harani
  日期： 2020-10-16
• 类别：

  • webapps
  平台：

  • Python
• 来源：https://www.exploit-db.com/exploits/48886/

• # Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]
  # Google Dork: []
  # Date: [04.05.2020]
  # Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]
  # Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)
  # Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)
  # Version: [6.6.6] (REQUIRED)
  # Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]
  # CVE : [CVE-2020-14421]
  
  if you are logged was admin;
  
  1- go to the crontab
  
  2- select shell script and paste your reverse shell code
  
  3- click execute button and you are now root.
  
  because crontab.py running with root privileges.
  
  Remote Code Execution
  
  https://github.com/jenaye/aapanel