
Plesk / myLittleAdmin ViewState .NET Deserialization


IT Security Tools | Direct link: packetstormsecurity.com

This Metasploit module exploits a ViewState .NET deserialization vulnerability in the web-based MS SQL Server management tool myLittleAdmin, version 3.8 and likely older versions, caused by hardcoded machineKey parameters in the web.config file for ASP.NET. The popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during "full" installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is IUSRPLESK_sqladmin for Plesk and described as the "SQL Admin MSSQL anonymous account". Tested on the latest Plesk Obsidian with optional myLittleAdmin 3.8....

Open the external website with the full content:



https://packetstormsecurity.com/files/157808/plesk_mylittleadmin_viewstate.rb.txt
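
A defensive check for the root cause described above, as an added example that is not part of the original page or the Metasploit module: it flags any web.config whose machineKey element carries literal key material instead of AutoGenerate. The sample configs, the placeholder key values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples; not myLittleAdmin's real web.config, key values are placeholders.
STATIC_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY_HEX"
                decryptionKey="PLACEHOLDER_DECRYPTION_KEY_HEX"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

AUTOGEN_CONFIG = """<configuration>
  <location path="admin">
    <system.web>
      <machineKey validationKey="AutoGenerate,IsolateApps"
                  decryptionKey="AutoGenerate,IsolateApps" />
    </system.web>
  </location>
</configuration>"""

KEY_ATTRS = ("validationKey", "decryptionKey")


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}machineKey'."""
    return tag.rsplit("}", 1)[-1]


def audit_machine_key(config_xml):
    """Return findings for machineKey elements that hold static key material."""
    findings = []
    root = ET.fromstring(config_xml)
    # iter() walks the whole tree, so <location>-scoped sections are covered too.
    for elem in root.iter():
        if local_name(elem.tag) != "machineKey":
            continue
        if elem.get("configSource"):
            findings.append("machineKey is loaded from an external file; audit it too")
        for attr in KEY_ATTRS:
            value = elem.get(attr)
            if value is None:
                continue  # attribute absent: the ASP.NET default (AutoGenerate) applies
            if value.split(",")[0].strip().lower() != "autogenerate":
                findings.append(f"{attr} is set to a static value")
    return findings


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("autogen", AUTOGEN_CONFIG)):
        print(name, audit_machine_key(cfg) or "no static machineKey found")
```

A static key is only dangerous when it is shared or shipped with the product, as the description above says of myLittleAdmin; keys that are unique per installation and kept secret are a separate case, so treat a finding as a prompt to check where the value came from.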
