Author Topic: Plesk 9.5.4 0-day (Read 1125 times)

Alin · « **on:** June 06, 2013, 11:46:58 am »

Just wanted to share what my inbox came across this morning

http://packetstormsecurity.com/files/download/121915/pleskwwwzeroday.rar

Kingcope 0-day for Plesk 9.5.4 - anyone tried it yet?

Alin · « **Reply #1 on:** June 06, 2013, 01:27:49 pm »

Just for the record, I can confirm that this is legit.

Took me some time to find a vulnerable server. If you want to give it a go 85.214.146.170 is vulnerable and you can find more using pnscan:

Code: [Select]

pnscan -w "GET /phppath/php HTTP/1.0\r\n\r\n" -r "500 Internal" <iprange>/<subnet> 80
Notice that not all of the results are positives.

Stackprotector · « **Reply #2 on:** June 06, 2013, 01:36:03 pm »

http://www.exploit-db.com/exploits/25986/
^ It is verified on exploit-db

EvilZone

News:

Author Topic: Plesk 9.5.4 0-day (Read 1125 times)

Alin

Plesk 9.5.4 0-day

Alin

Re: Plesk 9.5.4 0-day

Stackprotector

Re: Plesk 9.5.4 0-day