Forgot your password?
typodupeerror

+ - Hacker publishes alleged zero-day exploit for Plesk->

Submitted by hypnosec
hypnosec (2231454) writes "KingCope, known for many concrete zero-day exploits, has published yet another zero-day through full disclosure – this time for Plesk, a hosting software package made by Parallels and used on thousands of servers across the web. According to KingCope, Plesk versions 9.5.4, 9.3, 9.2, 9.0 and 9.6 on three different Linux variants Red Hat, CentOS and Fedora are vulnerable to the hack. The exploit, as noted by the hacker, makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. Once invoked, the interpreter can be used to execute arbitrary commands."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hacker publishes alleged zero-day exploit for Plesk

Comments Filter:

What hath Bob wrought?

Working...