Plesk Server 9.2 Hacked

longvnit · December 24, 2009

I am testing hosting server using Plesk Panel 9.2

I got some problems about security.

When i used webshell (http://www.guru.net.vn/kshell_1.2.zip) or same code:

Code:

<%@ Language=VBScript %>
<%
On Error Resume Next
Dim oScript
Dim gURL
gURL = Request.ServerVariables("APPL_PHYSICAL_PATH")
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Call oScript.Run ("c:\\WINDOWS\\system32\\cmd.exe",1,True)
%>

Then user IWAM_Plesk (Default) of plesk panel can execute files in system32, example: cmd.exe, regedit.exe ...

Other, it can hacked web directory of other users in server.

When i add permission of cmd.exe : Everyone : Deny All then plesk admin's webpage error.

I can't fix problems.

Please help me ! Thanks so much .

Sign In

Plesk Server 9.2 Hacked

Recommended Posts

longvnit

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information