PoC details: 4a783ded1e0699d76412773cf336fbb707b660fa

Source
Related vulnerability
Title: Pterodactyl Panel code injection vulnerability (CVE-2025-49132)
Description: Pterodactyl Panel is a free, open-source game server management panel from Pterodactyl. Versions of Pterodactyl Panel before 1.11.11 contain a code injection vulnerability caused by the /locales/locale.json endpoint failing to validate the locale and namespace parameters, which may lead to arbitrary code execution.
Description
Check a list of Pterodactyl panels for vulnerabilities from a file.
Introduction
<h1 align="center">🛡️ Pterodactyl Panel Vulnerability Checker & Exploit Tool</h1>

<p align="center">Pentest tool for Pterodactyl: OSINT | Exploit | Automation</p>


---

## ✨ About

A **Python script** that automates the discovery and exploitation of vulnerabilities in misconfigured **Pterodactyl** panels.

- 🔍 Detects exposure of sensitive configuration (the `locale.json` file).  
- 🔑 Extracts MySQL database credentials.  
- 👑 Automatically creates an admin user with full access.  
- ☁️ Detects and skips panels protected by Cloudflare.

---

## ⚙️ Technologies and Dependencies

- Python
- Requests
- Colorama
- PyMySQL
- Bcrypt

---

## 🚀 How to use

1. Create a `list.txt` file with the URLs of the target panels (one per line).

2. Run:

```bash
python3 main.py list.txt
```
File snapshot

[4.0K] /data/pocs/4a783ded1e0699d76412773cf336fbb707b660fa
├── [9.0K] cve.py
└── [1.5K] README.md

0 directories, 2 files