Sunday, November 19, 2017
Home / Security / Exploits / Kloxo Exploit puts thousands of servers at risk

Kloxo Exploit puts thousands of servers at risk

Kloxo, a free open source web hosting control panel for Redhat and CentOS linux distributions has had a SQL injection vulnerability found within the software.  This exploit was originally being used as a zero-day in the wild and has affected a number of users like this one on Webhostingtalk.com.

This exploit is a high risk vulnerability, as it allows the attacker to obtain the admin password which then allows  them to gain access to the control panel.  With this access someone can utilize a second exploit (remote PHP code execution) which could lead to a malicious files being placed on the targeted server.

A Metasploit module has been released for the exploit as the vulnerability comes to light.

A security researcher using the Twitter handle @Mormoroth has brought this exploit to our attention (tweet above), he also stated that Kloxo stores the root password in base64 which is extremely simple to decrypt and they did not even bother to use MD5, the standard encryption for passwords these days.

This exploit has the potential to disrupt thousands of servers and as of now, the Kloxo demo which is located on their official site is returning a “500 internal error”.

You can view the Metasploit module on Exploit-db here.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …