We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
VestaCP 0DAY
Here is quite a high 0day: https://pentest.blog/vesta-control-pane ... -analysis/
Re: VestaCP 0DAY
Here's a perfect opportunity to prove this project is still alive and responding to critical issues!
Come on!
Re: VestaCP 0DAY
I really hope for a fix that'll solve this issue!
I can hide panel exposure on my personal host, but I think about those who can't...
Re: VestaCP 0DAY
I think that even hiding panel exposure is not enough in this case.
If you've got a vulnerable website on your server and a malicious person installs a remote console, then he will be able to modify ~/.bash_logout, for example, as explained here:
https://pentest.blog/vesta-control-pane ... -analysis/
then on running backup the hack is done.
Well, I think this could be possible.
Re: VestaCP 0DAY
I fixed mine ... I installed Virtualmin Pro .... I'll pay $6.00 for a maintained control panel
Re: VestaCP 0DAY
Oh boy! This is damn bad. ;(
Re: VestaCP 0DAY
I already pointed on GitHub to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
Re: VestaCP 0DAY
Thanks @SciT, let's see if VestaCP developers react.
Re: VestaCP 0DAY
ScIT wrote: Thu Mar 19, 2020 2:24 pm
I already pointed on github to a fix for this problem: https://github.com/serghey-rodin/vesta/ ... -600795634
Thanks, ScIT, that is quite fast.
Re: VestaCP 0DAY
You may have misunderstood me: the fix was implemented for our fork called HestiaCP and is already more than half a year old. I just pointed it out for the Vesta devs so they can take a look. I do not have any contact with them; also, the mod status I have here should have been removed a long time ago :).
It is still up to the Vesta devs to analyze our commit and implement a fix themselves.