Skip to content

datackmy/FallingSkies-CVE-2023-35885

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
Screenshots
Screenshots
 
 
src
src
 
 
vendor
vendor
 
 
Crypto.php
Crypto.php
 
 
README.md
README.md
 
 
exploit2.py
exploit2.py
 
 
shell.php
shell.php
 
 

Repository files navigation

CVE-2023-35885

Cloudpanel 0-day Exploit

Author: @EagleTube, @Mzulfahmy, @farphalabs
Github : https://github.com/datackmy/FallingSkies-CVE-2023-35885/blob/main/
Affected version: v2.0.0 – v2.3.0
Patched version: v2.3.1
Vendor homepage: CloudPanel.io
Product: CloudPanel
References: https://www.datack.my/fallingskies-cloudpanel-0-day/ , [Write Up]

Usage :

wget https://raw.githubusercontent.com/datackmy/FallingSkies-CVE-2023-35885/main/exploit2.py
chmod +x exploit2.py
python3 exploit2.py -T target_ip:target_port

DISCLAIMER

Use this script only for education purpose
We are not responsible for any damages or abusal by any third-parties or in equivalance.

PROOF OF CONCEPT

Upload webshell by inject encrypted "serialized" clp-fm cookie with default secret key.

Uploaded Shell from automated python script.

SSH user with already granted sudo privileges.

PATCH VERSION

CloudPanel v2.3.1

SPECIAL THANKS & REFERENCE

  1. Datack Sdn Bhd (full writeup) datack.my
  2. Maui sabily.info
  3. Mohamad Zulfahmy (@mzulfahmy)
  4. Farhan Phakhruddin (@farpha)

TIMELINE

01-06-2023 – Exploit Found
12-06-2023 – Privately disclose to vendor
13-06-2023 – Submitted to CVE assignee
19-06-2023 – CVE number assigned by MITRE
20-06-2023 – Patch released by the vendor (v2.3.1)
20-07-2023 – Exploit released to the public

About

Cloudpanel 0-day Exploit

Resources

Readme
Activity
Custom properties

Stars

58 stars

Watchers

2 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages