ZPanel
cpe:2.3:a:zpanelcp:zpanel:*:*:*:*:*:*:*
- 10.1.1
This vulnerability is being actively exploited in the wild.
A local privilege escalation vulnerability exists in ZPanel because of a helper binary called zsudo, which is intended to provide restricted privilege escalation for administrative tasks. When zsudo is misconfigured in the sudoers file, low-privileged users can use it to execute arbitrary commands as root. A local attacker with shell access can escalate privileges by writing a payload to a writable directory and executing it through zsudo. The issue is particularly significant in post-exploitation scenarios after a web server compromise, where the attacker gains access to zsudo.
Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user to execute commands with root privileges.
To reproduce this vulnerability, a user must have shell access and be in a ZPanel environment where zsudo is included in the sudoers file. Once these conditions are met, the user can write a payload to a writable directory and execute it using zsudo, thereby escalating privileges to root.
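To check a host for the precondition described above, the following added example (not code from ZPanel or from this advisory) lists sudoers rules that let a principal run a binary named zsudo. The sample sudoers text and the `/placeholder/zpanel/bin/zsudo` path are constructed, and the parser is a simplification that does not resolve `Cmnd_Alias` names or include directives.

```python
import posixpath
import re

# Constructed sample; the zsudo path is a placeholder, not ZPanel's real install path.
SAMPLE_SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
apache ALL=NOPASSWD: /placeholder/zpanel/bin/zsudo
deploy ALL=(root) /usr/bin/systemctl restart httpd, \\
    /placeholder/zpanel/bin/zsudo
# backup ALL=NOPASSWD: /placeholder/zpanel/bin/zsudo
"""

SKIP = re.compile(r"^(Defaults|\w+_Alias)\b")      # not user specifications
RUNAS_OR_TAG = re.compile(r"\([^)]*\)|\b[A-Z_]+:")  # "(root)" or "NOPASSWD:"


def find_zsudo_grants(text, binary="zsudo"):
    """Return (principal, command, nopasswd) for each rule that runs `binary`.

    Simplified: handles comments and line continuations only.
    """
    findings = []
    joined = re.sub(r"\\\n\s*", " ", text)  # merge backslash-continued lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or SKIP.match(line) or "=" not in line:
            continue
        principal, rest = line.split(None, 1)
        spec = rest.split("=", 1)[1]
        nopasswd = False
        for item in spec.split(","):
            # A tag such as NOPASSWD: carries over to later commands in the list.
            if "NOPASSWD:" in item:
                nopasswd = True
            elif "PASSWD:" in item:
                nopasswd = False
            command = RUNAS_OR_TAG.sub("", item).strip()
            if command and posixpath.basename(command.split()[0]) == binary:
                findings.append((principal, command, nopasswd))
    return findings


if __name__ == "__main__":
    for principal, command, nopasswd in find_zsudo_grants(SAMPLE_SUDOERS):
        print(f"{principal}: {command} (NOPASSWD={nopasswd})")
```

Any rule it reports for a web server or other low-privileged account is a candidate for removal from the sudoers configuration.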