Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Submission + - Hacker publishes alleged zero-day exploit for Plesk (paritynews.com)

hypnosec writes: KingCope, known for many concrete zero-day exploits, has published yet another zero-day through full disclosure – this time for Plesk, a hosting software package made by Parallels and used on thousands of servers across the web. According to KingCope, Plesk versions 9.5.4, 9.3, 9.2, 9.0 and 9.6 on three different Linux variants Red Hat, CentOS and Fedora are vulnerable to the hack. The exploit, as noted by the hacker, makes use of specially crafted HTTP queries that inject PHP commands. The exploit uses POST request to launch a PHP interpreter and the attacker can set any configuration parameters through the POST request. Once invoked, the interpreter can be used to execute arbitrary commands.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hacker publishes alleged zero-day exploit for Plesk

Comments Filter:

Those who can, do; those who can't, simulate.

Working...