Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-26503 PoC — Open eClass Platform 安全漏洞

Source
https://github.com/RoboGR00t/Exploit-CVE-2024-26503
Associated Vulnerability
Title:Open eClass Platform 安全漏洞 (CVE-2024-26503)
Description:Open eClass Platform是Open eClass的一个集成的课程管理系统。 Greek Universities Network Open eClass v.3.15及之前版本存在安全漏洞,该漏洞源于允许攻击者通过将精心设计的文件上传到 certbadge.php 端点来运行任意代码。
Description
Exploit for Open eClass – CVE-2024-26503: Unrestricted File Upload Leads to Remote Code Execution
Readme
# Open eClass RCE Exploit Tool

This tool is designed to exploit a known vulnerability (CVE-2024-26503) in Open eClass platforms, allowing for remote code execution (RCE) through an unrestricted file upload flaw. The vulnerability allows attackers to upload a web shell to the server, enabling the execution of arbitrary commands.

## Disclaimer

This tool is intended for educational and ethical security testing purposes only. I am not responsible for any misuse or damage caused by this tool. Users must have explicit permission to test the target systems.

## Prerequisites

Before using this tool, ensure you have Python 3.x installed on your system. You will also need the `requests` library, which can be installed using pip:

```sh
pip install requests
```

## Installation

Clone the repository or download the source code:

```sh
git clone https://github.com/RoboGR00t/Exploit-CVE-2024-26503
cd Exploit-CVE-2024-26503
```

No additional installation steps are required.

## Usage

The script requires three mandatory parameters:

- `-u`, `--username`: The username for login to the Open eClass platform.
- `-p`, `--password`: The password for login.
- `-e`, `--eclass`: The base URL of the Open eClass platform you wish to target.

Run the script with the required parameters like so:

```sh
python exploit-cve-2024-26503.py -u 'username' -p 'password' -e 'http://target-open-eclass.local'
```

![img](https://github.com/RoboGR00t/Exploit-CVE-2024-26503/raw/main/img.png)

## Cleanup

The script attempts to remove the uploaded web shell upon exiting the command execution mode. However, manual verification is recommended to ensure no traces are left behind.


## Acknowledgments

- Thanks to all the cybersecurity researchers and ethical hackers who contribute to the security community.
- Special thanks to the Open eClass team for their continuous efforts in improving platform security.



> **Please use this tool responsibly and ethically.**
File Snapshot

 [4.0K]  /data/pocs/006fb22aa90a6d0589bf0f14d6dbf31d2a9cb816
├── [4.2K]  exploit-cve-2024-26503.py
├── [ 60K]  img.png
└── [1.9K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.