Expected Findings
- Internet-exposed admin panel advertises sensitive control-plane ports.
- Pre-auth session material contains attacker-controlled fields.
- Session upgrade flow trusts crafted token and session properties.
Control Panel
Hosting Panel Bypass
This page simulates an exposed hosting panel where a crafted pre-auth session becomes admin after unsafe session loading. The boot script fetches the vulnerable status and a suspicious session artifact on page load.
Primary Flows
- Panel status Public exposure and auth path summary
- Suspicious session file Injected pre-auth session artifact
- Upgrade session POST attacker-controlled session fields
- IOC log Detection output showing compromise indicators
Signals
Session Artifact
token_denied=1 cp_security_token=/cpsess04396539398 user=root
Exposure
ports: 2083, 2087, 2095, 2096