EvilZone

Other => Found it on the Webs => : Alin June 06, 2013, 11:46:58 AM

: Plesk 9.5.4 0-day
: Alin June 06, 2013, 11:46:58 AM

Just wanted to share what my inbox came across this morning

http://packetstormsecurity.com/files/download/121915/pleskwwwzeroday.rar

Kingcope 0-day for Plesk 9.5.4 - anyone tried it yet?

: Re: Plesk 9.5.4 0-day
: Alin June 06, 2013, 01:27:49 PM

Just for the record, I can confirm that this is legit.

Took me some time to find a vulnerable server. If you want to give it a go 85.214.146.170 is vulnerable and you can find more using pnscan:

:

pnscan -w "GET /phppath/php HTTP/1.0\r\n\r\n" -r "500 Internal" <iprange>/<subnet> 80
Notice that not all of the results are positives.

: Re: Plesk 9.5.4 0-day
: Stackprotector June 06, 2013, 01:36:03 PM

http://www.exploit-db.com/exploits/25986/
^ It is verified on exploit-db