METASPLOIT-modules/exploits/multi/http/zpanel_information_disclosure_rce.rb

METASPLOIT ruby WORKING POC
Exploit for CVE-2013-2097 - ZPanel <10.1.0 - RCE
AI Analysis

This Metasploit module exploits an information disclosure vulnerability in ZPanel (CVE-2013-2097) via a vulnerable version of pChart to read arbitrary files, extract MySQL credentials, and achieve remote code execution by uploading a malicious PHP payload through PHPMyAdmin.

Attack Type
RCE
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1005 - Data from Local System T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application T1204 - User Execution
Loading exploit code...
Download ZIP Password: eip
Source
Platform Metasploit
Type poc
Platform php
Language ruby
Rank excellent
Files 1
Authors
Balazs Makany James Fitts Jose Antonio Perez dawn isabel brad wolfe brent morris
Vulnerability
CVE-2013-2097
ZPanel <10.1.0 - RCE
HIGH
CVSS 7.8