usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0

Command Injection #49

Closed JoaoReis98 closed 6 years ago

JoaoReis98 commented 6 years ago

I just tried your demo page "https://demo.cyberpanel.net:8090/" and I could inject commands remotely. Fix the injected input on the server side and restrict the input on the client side. For example, try to create a database with the name: test; shutdown (this is dangerous... I could just download a file, execute it and take over the machine...). And yes, it was me, I shut down your demo page with that "hack", and now I am posting this so you can do a quick fix; the whole system is vulnerable.

Best regards.

usmannasir commented 6 years ago

The demo server is open with admin-level access and resets every day; for commands, the shell is disabled. Unless you have full access, how can you execute this?

JoaoReis98 commented 6 years ago

Look again, I shut down the demo server again.

JoaoReis98 commented 6 years ago

I see that you patched the Database Create, but there are other places that are vulnerable.

usmannasir commented 6 years ago

You are right, there was an issue in the database module only, which was shutting down MySQL. I've added some additional checks; see if you still face the issue.
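The report above boils down to one pattern: a user-supplied database name being interpolated into a command string that a shell then parses, so `test; shutdown` becomes two commands. The fix the thread converges on (server-side checks on the input) is shown below as an added example; this is not CyberPanel's own code, and the function names `is_valid_db_name`, `build_create_db_argv` and `create_database` are hypothetical. It combines an identifier allowlist with a no-shell `subprocess` invocation, so that even a name that slips past the client-side check cannot become a second command. Note that disabling an interactive shell for panel users does not protect a server-side `os.system()` call, which runs as the panel's own process with whatever privileges it has.

```python
import re
import subprocess
from typing import List, Callable

# Allowlist for MySQL database identifiers: letters, digits and underscore,
# at most 64 characters (MySQL's identifier length limit). Anything else,
# including ';', spaces, quotes and backticks, is rejected before it gets
# anywhere near a command line.
DB_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")


def is_valid_db_name(name: str) -> bool:
    """Server-side check: accept only names matching the allowlist in full."""
    return DB_NAME_RE.fullmatch(name) is not None


def build_create_db_argv(name: str, mysql_bin: str = "mysql") -> List[str]:
    """Return an argv list for creating the database.

    The vulnerable shape this replaces is string interpolation such as
        os.system("mysql -e 'CREATE DATABASE %s'" % name)
    where the shell re-parses the whole string. Here the SQL statement is a
    single argv element and no shell is involved, so the name can never be
    split into extra commands. The name is validated first so the backtick
    quoting inside the SQL cannot be broken out of either.
    """
    if not is_valid_db_name(name):
        raise ValueError("invalid database name: %r" % name)
    return [mysql_bin, "-e", "CREATE DATABASE `%s`;" % name]


def create_database(name: str,
                    runner: Callable = subprocess.run) -> int:
    """Run the create command without a shell and return its exit status.

    `runner` is injectable so the function can be exercised without a
    MySQL client installed (see the dry-run below).
    """
    argv = build_create_db_argv(name)
    # shell=False is the default, stated explicitly to make the point visible.
    result = runner(argv, shell=False, check=False)
    return result.returncode


if __name__ == "__main__":
    # Dry-run stand-in for subprocess.run: prints argv instead of executing.
    class _Result:
        returncode = 0

    def dry_run(argv, shell=False, check=False):
        print("would execute (no shell):", argv)
        return _Result()

    # Constructed inputs: one benign, one carrying the injection from the report.
    for candidate in ["test_db", "test; shutdown"]:
        try:
            create_database(candidate, runner=dry_run)
        except ValueError as exc:
            print("rejected:", exc)
```

The allowlist is deliberately stricter than what MySQL itself accepts; a hosting panel rarely needs anything beyond `[A-Za-z0-9_]` in a database name, and a narrow allowlist is easier to reason about than trying to escape every shell and SQL metacharacter. The same two-part treatment (validate the identifier, pass it as a single argv element) applies to the "other places" the reporter mentions: any panel endpoint that turns a form field into a command.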