Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-51378 PoC — CyberPanel 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-51378.yaml
Associated Vulnerability
Title:CyberPanel 安全漏洞 (CVE-2024-51378)
Description:CyberPanel是Usman Nasir个人开发者的一款内置了DNS和电子邮件服务器的虚拟主机控制面板。 CyberPanel存在安全漏洞,该漏洞源于dns/views.py 中的 getresetstatus 允许远程攻击者绕过身份验证并通过 /ftp/getresetstatus 执行任意命令。
Description
CyberPanel contains a command injection vulnerability in the /ftp/getresetstatus and /dns/getresetstatus endpoints.The vulnerability exists due to improper validation of the 'statusfile' parameter, which is directly used in a shell command.The security middleware only validates POST requests, allowing attackers to bypass protection using OPTIONS requests.
File Snapshot

 id: CVE-2024-51378

info:
  name: CyberPanel - Command Injection
  author: ritikchaddha
  severity: 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.