aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

EDB-ID:

48886

CVE:

N/A

EDB Verified:

Author:

Ünsal Furkan Harani

Type:

webapps

Exploit:   /  

Platform:

Python

Date:

2020-10-16

Vulnerable App: 
# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]
# Google Dork: []
# Date: [04.05.2020]
# Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]
# Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)
# Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)
# Version: [6.6.6] (REQUIRED)
# Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]
# CVE : [CVE-2020-14421]

if you are logged was admin;

1- go to the crontab

2- select shell script and paste your reverse shell code

3- click execute button and you are now root.

because crontab.py running with root privileges.

Remote Code Execution

https://github.com/jenaye/aapanel
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services