关联漏洞
介绍
## Guide to use script that exploit the [Pterodactyl Path Traversal at locale.json](https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843)
### Requirements
- Exposed Redis Server
- Panel URL
### Guide
1. Get access to the server configuration file, which has APP_KEY and Redis Database Password + IP
2. Use `forge_cookie` to generate a `pterodactyl_session` cookie
3. Use that cookie to access Pterodactyl API
### Note
- This script is for educational purposes only. Use it responsibly and ensure you have permission to test the target system.
- Logging in through the panel webpanel can not be done due to requirement of "remember_token" which is stored in the SQL Database.
- Only accessing the API is possible with the forged cookie.
- Tried on panel.ahihimc.net but they patched the redis port before im able to report joy :sad:
文件快照
[4.0K] /data/pocs/89c8c8833ebfb1b359527a4b796a49b586a661ae
├── [2.2K] forge_cookie.py
├── [1.3K] illuminate-decryptor.py
├── [1.1K] LICENSE
└── [ 862] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →