Description
Check a list of Pterodactyl panels for vulnerabilities from a file.
Introduction
<h1 align="center">🛡️ Pterodactyl Panel Vulnerability Checker & Exploit Tool</h1>
<p align="center">
<img src="https://readme-typing-svg.demolab.com?font=Fira+Code&weight=700&size=24&pause=1500&color=00FF94&center=true&width=600&lines=Pentest+Tool+for+Pterodactyl;OSINT+%7C+Exploit+%7C+Automation" alt="Typing SVG" />
</p>
<p align="center">
<a href="https://github.com/nfoltc/pterodactyl-exploit/stargazers">
<img alt="GitHub stars" src="https://img.shields.io/github/stars/nfoltc/CVE-2025-49132?style=for-the-badge" />
</a>
<a href="https://github.com/nfoltc/pterodactyl-exploit/issues">
<img alt="GitHub issues" src="https://img.shields.io/github/issues/nfoltc/CVE-2025-49132?style=for-the-badge" />
</a>
<a href="https://github.com/nfoltc/pterodactyl-exploit/network/members">
<img alt="GitHub forks" src="https://img.shields.io/github/forks/nfoltc/CVE-2025-49132?style=for-the-badge" />
</a>
<a href="https://github.com/nfoltc/pterodactyl-exploit/blob/main/LICENSE">
<img alt="GitHub license" src="https://img.shields.io/github/license/nfoltc/CVE-2025-49132?style=for-the-badge" />
</a>
</p>
---
## ✨ About
A **Python script** that automates the discovery and exploitation of vulnerabilities in misconfigured **Pterodactyl** panels.
- 🔍 Discovers exposure of sensitive configuration (the `locale.json` file).
- 🔑 Extracts the MySQL database credentials.
- 👑 Automatically creates an admin user with full access.
- ☁️ Detects and skips panels protected by Cloudflare.
---
## ⚙️ Technologies and Dependencies
<p align="center">
<img src="https://img.shields.io/badge/Python-3776AB?style=for-the-badge&logo=python&logoColor=white" />
<img src="https://img.shields.io/badge/Requests-5282B8?style=for-the-badge&logo=python-requests&logoColor=white" />
<img src="https://img.shields.io/badge/Colorama-FE7E02?style=for-the-badge&logo=python&logoColor=white" />
<img src="https://img.shields.io/badge/PyMySQL-4479A1?style=for-the-badge&logo=mysql&logoColor=white" />
<img src="https://img.shields.io/badge/Bcrypt-002D72?style=for-the-badge&logo=python&logoColor=white" />
</p>
---
## 🚀 Usage
1. Create a `list.txt` file with the URLs of the target panels (one per line).
2. Run:
```bash
python3 main.py list.txt
```
# Credits
https://github.com/Zen-kun04/CVE-2025-49132
File snapshot
[4.0K] /data/pocs/5bd24c748fb7fe550d2a35b1cb9f0c4d7b4e6d4a
├── [9.0K] cve.py
└── [2.3K] README.md
0 directories, 2 files