Open game panel remote code execution (rce) (authenticated) Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2021-10-04 | Type: webapps | Platform: multiple
This exploit / vulnerability, Open Game Panel Remote Code Execution (RCE) (Authenticated), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Open Game Panel - Remote Code Execution (RCE) (Authenticated)
# Google Dork: intext:"Open Game Panel 2021"
# Date: 08/14/2021
# Exploit Author: prey
# Vendor Homepage: https://www.opengamepanel.org/
# Software Link: https://github.com/OpenGamePanel/OGP-Website
# Version: before 14 Aug patch (https://github.com/OpenGamePanel/OGP-Website/pull/561/commits)
# Tested on: CentOS Linux 5.4.102
# Before the patch, it was possible to inject system commands into the "map" parameter when launching a new Counter-Strike server, just by putting the command between ';' characters. The user needs to be authenticated for this.
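
An added example, not part of the original advisory and not OGP's code or the patch from the pull request: one way to reject a "map" value like the one described above, using an allow-list check followed by shell quoting, written in PHP because OGP-Website is a PHP application. The function names, the `./hlds_run -game cstrike +map` start line and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical names); not taken from OGP-Website.

// Allow-list for a map name: letters, digits, '_', '-', and '/' for
// subfolders. The first character may not be '-' or '/', so the value
// cannot be read as a command-line option or an absolute path.
function is_valid_map_name(string $map): bool
{
    return preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_\/-]{0,63}\z/', $map) === 1
        && strpos($map, '//') === false;
}

// Build the start command. The map is validated first, then quoted with
// escapeshellarg() as a second layer in case the string reaches a shell.
// $binary is assumed to be a trusted constant, never user input.
function build_start_command(string $binary, string $map): string
{
    if (!is_valid_map_name($map)) {
        throw new InvalidArgumentException('rejected map name');
    }
    return $binary . ' -game cstrike +map ' . escapeshellarg($map);
}

// Constructed sample inputs: two ordinary names, then values carrying
// shell metacharacters, a newline, and a leading dash.
$samples = [
    'de_dust2',
    'workshop/cs_office',
    'de_dust2;CMD;',
    '$(CMD)',
    "a\nb",
    '-exec',
];

foreach ($samples as $map) {
    try {
        echo 'OK:       ', build_start_command('./hlds_run', $map), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // Log the raw value in an unambiguous encoding for later review.
        echo 'REJECTED: ', json_encode($map), PHP_EOL;
    }
}
```

Only the first two samples produce a command line; the rest are rejected before any string is built. Logging rejected values gives operators a signal that an authenticated account is probing the parameter.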