aaPanel 6.6.6 Privilege Escalation

aaPanel version 6.6.6 suffers from an authenticated privilege escalation vulnerability.


MD5 | ac5ca21c395c29533c6fbe1f9acd7f8e

# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]
# Google Dork: []
# Date: [04.05.2020]
# Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]
# Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)
# Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)
# Version: [6.6.6] (REQUIRED)
# Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]
# CVE : [CVE-2020-14421]

if you are logged was admin;

1- go to the crontab

2- select shell script and paste your reverse shell code

3- click execute button and you are now root.

because crontab.py running with root privileges.

Remote Code Execution

https://github.com/jenaye/aapanel

Related Posts