VestaCP 0DAY
Here's quite a high 0day: https://pentest.blog/vesta-control-pane ... -analysis/
Re: VestaCP 0DAY
Here's a perfect opportunity to prove this project is still alive and responding to critical issues!
Come on!
- Posts: 15
- Joined: Thu Feb 09, 2017 3:41 pm
Re: VestaCP 0DAY
I really hope for a fix that'll solve this issue!
I can hide panel exposure on my personal host, but I think for who can't...
Re: VestaCP 0DAY
I think that even hiding panel exposure is not enough in this case.
If you've got a vulnerable website on your server and a malicious person installs a remote console, then he will be able to modify ~/.bash_logout, for example, as explained here:
https://pentest.blog/vesta-control-pane ... -analysis/
then on running backup the hack is done.
Well, I think this could be possible.
- Posts: 12
- Joined: Tue Jan 16, 2018 2:58 am
- Os: CentOS 6x
- Web: apache + nginx
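The concern raised above is that a shell hook file such as ~/.bash_logout, writable by a compromised web user, may later be executed in a privileged context (the backup run). As an added, defender-side example that is not part of this thread or of the VestaCP/HestiaCP code: a small POSIX shell check that lists per-user hook files which differ from the /etc/skel reference copies, so an administrator can review them. It assumes home directories under /home and reference files under /etc/skel (both overridable), and the demo data it creates is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report user shell hook files that
# have drifted from the distribution reference in /etc/skel.
# Assumptions: homes live under HOME_ROOT (default /home) and reference
# dotfiles live in SKEL (default /etc/skel). Drift is only reported, never changed.

# check_logout_hooks HOME_ROOT SKEL
# Prints "<user> <file> (<reason>)" for each hook file that has no reference
# in skel or differs from it. Returns 0 if nothing drifted, 1 otherwise.
check_logout_hooks() {
    home_root=${1:-/home}
    skel=${2:-/etc/skel}
    found=0
    for dir in "$home_root"/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")
        for f in .bash_logout .bashrc .bash_profile .profile; do
            target="$dir$f"
            [ -f "$target" ] || continue
            if [ ! -f "$skel/$f" ]; then
                echo "$user $f (no reference in skel)"
                found=1
            elif ! cmp -s "$target" "$skel/$f"; then
                echo "$user $f (differs from skel)"
                found=1
            fi
        done
    done
    return $found
}

# make_demo: build constructed sample data in a temp dir so the check can be
# exercised offline without touching real home directories. Prints the dir.
make_demo() {
    demo=$(mktemp -d)
    mkdir -p "$demo/skel" "$demo/home/alice" "$demo/home/bob"
    printf 'clear\n' > "$demo/skel/.bash_logout"
    # alice keeps the untouched reference copy
    cp "$demo/skel/.bash_logout" "$demo/home/alice/.bash_logout"
    # bob's copy has an extra line appended (constructed drift)
    printf 'clear\n# local change appended here\n' > "$demo/home/bob/.bash_logout"
    echo "$demo"
}

# Stand-alone run against the constructed data; set NO_DEMO=1 to skip.
if [ -z "${NO_DEMO:-}" ]; then
    demo_dir=$(make_demo)
    if check_logout_hooks "$demo_dir/home" "$demo_dir/skel"; then
        echo "no drift found"
    else
        echo "drift detected, review the files listed above"
    fi
    rm -rf "$demo_dir"
fi
```

On a real host, run `check_logout_hooks` with no arguments (or point it at the panel's home root) from cron and mail the output; a non-zero exit is the signal to inspect the listed files before any privileged job opens a login shell as that user.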
Re: VestaCP 0DAY
I fixed mine ... I installed virtualmin pro .... I'll pay $6.00 for a maintained control panel
Re: VestaCP 0DAY
Oh boy! This is damn bad. ;(
Re: VestaCP 0DAY
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
Re: VestaCP 0DAY
Thanks @ScIT, let's see if VestaCP developers react.
Re: VestaCP 0DAY
ScIT wrote: ↑Thu Mar 19, 2020 2:24 pm
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
Thanks, ScIT, that is quite fast.
Re: VestaCP 0DAY
You maybe misunderstood me: The fix was implemented for our fork called HestiaCP and is already older than half a year. I just pointed it out for the vesta devs, so they can take a look - I do not have any contact with them, also the mod status I have here should have been removed a long time ago :).
It is still the part of vesta devs, to analyze our commit and implement a fix for itself.