关联漏洞
Description
PoCs for CVE-2025-49132
介绍
# CVE-2025-49132 - 10.0 (Critical)
https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843
Vulnerable versions: 1.9.0 .. 1.11.10
## OpSec Considerations
RCE exploitation is limited but can be detected through:
`cat /var/www/pterodactyl/storage/logs/laravel-2025-*-*.log | grep 'Illuminate\\\\Translation\\\\FileLoader->load()'`
If access logs are disabled as they are with default configuration (without SSL) credential dumping cannot be detected as easily, otherwise you can search for `locale=..` in the access logs
## Legal
This is entirely for educational purposes or for use in authorized challenges such as a CTF, it is illegal to attack a machine without prior permission.
文件快照
[4.0K] /data/pocs/b8038547883a556df52107628a88787df46f675f
├── [1.1K] dump-creds.py
├── [ 918] exploit.py
├── [1.0K] LICENSE
├── [ 708] README.md
└── [ 463] test.py
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →