POC details: fea838897fc79ae2e67794c22a29cf90bbb437a1

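Source
Related vulnerability
Title: CyberPanel security vulnerability (CVE-2024-54679)
Description: CyberPanel is a web hosting control panel with built-in DNS and email servers, developed by individual developer Usman Nasir. CyberPanel (aka Cyber Panel) versions before 6778ad1 contain a security vulnerability that stems from the FilemanagerAdmin capability not being required to perform the restartMySQL operation.
Description
CVE-2024-54679 - CyberPanel (aka Cyber Panel) Denial of Service
Introduction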
# CVE-2024-54679
CVE-2024-54679 - CyberPanel (aka Cyber Panel) Denial of Service
## Description
A denial of service (DoS) vulnerability was discovered in Cyber Panel that allows any authenticated user to restart the database by sending requests to the `/dataBases/restartMySQL` endpoint. This vulnerability occurs in the `restartMySQL` function in the `Cyberpanel/databases/views.py` file at line 400, where the action is executed before checking user permissions (ACL). The function first retrieves the user ID from the session (authentication check), then calls the `restartMySQL` method from the `mysqlUtilities` class, which executes the database restart command (`sudo systemctl restart mariadb`). Only after this action does it check if the user is an admin. This lack of an ACL check before executing the restart makes the endpoint accessible to any authenticated user. An attacker with a low-privilege account could exploit this by repeatedly sending requests to the endpoint, causing the database to crash and resulting in a denial of service.
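The check ordering described above, modelled as an added example (this is not CyberPanel's source or the discoverer's PoC). The ACL table, session dictionaries, view names and the `restart_service` stub are all hypothetical; the stub stands in for the real restart command so the side effect can be counted.

```python
# Added illustration: a self-contained model of the check ordering.
# Every name here is hypothetical; nothing is taken from CyberPanel's code.

RESTARTS = []  # records who triggered a restart (stand-in for the service restart)

# Constructed users: 1 is an admin, 2 is a low-privilege account.
ACL = {1: {"admin": True}, 2: {"admin": False}}


def restart_service(user_id):
    """Stub for the privileged side effect."""
    RESTARTS.append(user_id)


def restart_vulnerable(session):
    """Order described in the advisory: authenticate, act, then check the ACL."""
    user_id = session.get("userID")
    if user_id is None:
        return {"status": 0, "error": "not logged in"}
    restart_service(user_id)  # the side effect has already happened
    if not ACL.get(user_id, {}).get("admin", False):
        return {"status": 0, "error": "admin required"}  # denial comes too late
    return {"status": 1}


def restart_fixed(session):
    """Authorize first; the side effect is reachable only after the ACL passes."""
    user_id = session.get("userID")
    if user_id is None:
        return {"status": 0, "error": "not logged in"}
    if not ACL.get(user_id, {}).get("admin", False):  # deny by default
        return {"status": 0, "error": "admin required"}
    restart_service(user_id)
    return {"status": 1}


def restarts_caused_by(view, session, attempts=3):
    """Call a view repeatedly; return (restarts actually triggered, responses)."""
    before = len(RESTARTS)
    responses = [view(session) for _ in range(attempts)]
    return len(RESTARTS) - before, responses
```

In the vulnerable ordering the low-privilege caller receives an error response every time while the restart still runs, so a regression test for this class of bug has to assert on the side effect rather than on the response status.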
## Affected Versions
CyberPanel (aka Cyber Panel) versions through 2.3.7 and (unpatched) 2.3.8
## Steps to Reproduce
- Log in to CyberPanel using a low-privileged user account.
- Send a request to the `/dataBases/restartMySQL` endpoint to restart the database.
- Configure Burp Suite and send the request to the Intruder tab.
- In Intruder, select Null payloads and run the attack indefinitely.
- Observe that the database has crashed and CyberPanel is unavailable.
## Proof of concept
## Demo: https://www.youtube.com/watch?v=f2M5wI875Uk
![image](https://github.com/user-attachments/assets/43a53974-7e3a-4ab0-9016-ddbc4929b184)
*Vulnerable code*
![image](https://github.com/user-attachments/assets/113d37fa-2a2a-4873-94eb-6b16ecd857f3)
*mysqlUtilities.restartMySQL method*
## References
- National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2024-54679
- Patch Commit: https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc
## Discoverer
Abdul Wassay (hotplugin0x01)