@@ -19,17 +19,19 @@ def initialize(info = {})
1919 'Name' => 'Zpanel Remote Unauthenticated RCE' ,
2020 'Description' => %q{
2121 This module exploits an information disclosure vulnerability
22- found in Zpanel <= 10.1.0. The vulnerability is due to a
23- vulnerable version of pChart allowing remote, unauthenticated,
24- users to read arbitrary files found on the filesystem . This
25- particular module utilizes this vulnerability to identify the
26- username/password combination of the MySQL instance. With the
22+ in Zpanel. The vulnerability is due to a vulnerable version
23+ of pChart used by ZPanel that allows unauthenticated users to read
24+ arbitrary files remotely on the file system . This particular module
25+ utilizes this vulnerability to identify the username/password
26+ combination of the MySQL instance. With the
2727 credentials the attackers can login to PHPMyAdmin and execute
2828 SQL commands to drop a malicious payload on the filesystem and
2929 call it leading to remote code execution.
3030 } ,
3131 'Author' =>
3232 [
33+ 'Balazs Makany' , # pChart vuln discovery
34+ 'Jose Antonio Perez' , # Found vulnerable version of pChart on ZPanel
3335 'dawn isabel' ,
3436 'brad wolfe' ,
3537 'brent morris' ,
@@ -38,12 +40,10 @@ def initialize(info = {})
3840 'License' => MSF_LICENSE ,
3941 'References' =>
4042 [
41- [ 'CVE' , '2013-2097' ] ,
42- [ 'EDB' , '31173' ] , # pChart
43- [ 'OSVDB' , '102595' ] , # pChart
44- [ 'URL' , 'http://bugs.zpanelcp.com/view.php?id=665' ] ,
45- [ 'URL' , 'http://seclists.org/fulldisclosure/2013/Jun/39' ] ,
46- [ 'URL' , 'http://www.reddit.com/r/netsec/comments/1ee0eg/zpanel_support_team_calls_forum_user_fucken/' ]
43+ [ 'EDB' , '31173' ] , # vulnerable version of pChart used by zpanel
44+ [ 'OSVDB' , '102595' ] , # vulnerable version of pChart used by zpanel
45+ [ 'URL' , 'http://blog.0xlabs.com/2014/03/zpanel-10.1.x-remote-root.html' ] ,
46+ [ 'URL' , 'http://pastebin.com/y5Pf4Yms' ]
4747 ] ,
4848 'Payload' =>
4949 {
0 commit comments