New exploit vestacp_exec
Re: New exploit vestacp_exec
Basically, dpeca has already patched the issues on GitHub, but Serghey seems to have been offline for a long time - he's the only one who can publish a new version to the repository.
Disclaimer: I stopped any work on Vesta due to my work on my own fork - I just want users to be aware of the possible fixes for the current exploits.
viewtopic.php?f=10&t=19714
Re: New exploit vestacp_exec
I saw a video of this exploit. I think that to use this exploit you must have a user account on the server and an FTP service. Is that correct? If yes - no problem for a single-user server.
Re: New exploit vestacp_exec
Then there is a second exploit, which allows you to overwrite the link in the password reset mail. Combine these two exploits and a bit of luck (or blindness of a user) and you're in...