Exploit for aaPanel 6.6.6 Privilege Escalation CVE-2020-14421

Name: Exploit for aaPanel 6.6.6 Privilege Escalation CVE-2020-14421
Rating: 5 (217 reviews)

2020-10-16 | CVSS 9.0

## https://sploitus.com/exploit?id=PACKETSTORM:159575
# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation]  
# Google Dork: []  
# Date: [04.05.2020]  
# Exploit Author: [Ünsal Furkan Harani (Zemarkhos)]  
# Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/)  
# Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel)  
# Version: [6.6.6] (REQUIRED)  
# Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux]  
# CVE : [CVE-2020-14421]  
  
if you are logged was admin;  
  
1- go to the crontab  
  
2- select shell script and paste your reverse shell code  
  
3- click execute button and you are now root.  
  
because crontab.py running with root privileges.  
  
Remote Code Execution  
  
https://github.com/jenaye/aapanel