aaPanel version 6.6.6 suffers from an authenticated privilege escalation vulnerability.
2211537a3452ffe270f5fed8d6ec95d21b646d444f61e5906a69cb83b03590c7# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]
# Google Dork: []
# Date: [04.05.2020]
# Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]
# Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)
# Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)
# Version: [6.6.6] (REQUIRED)
# Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]
# CVE : [CVE-2020-14421]
if you are logged was admin;
1- go to the crontab
2- select shell script and paste your reverse shell code
3- click execute button and you are now root.
because crontab.py running with root privileges.
Remote Code Execution
https://github.com/jenaye/aapanel
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed