Share
## https://sploitus.com/exploit?id=B172CD84-53D7-5ABA-A3AD-48D72659281D
# Open eClass RCE Exploit Tool

This tool is designed to exploit a known vulnerability (CVE-2024-26503) in Open eClass platforms, allowing for remote code execution (RCE) through an unrestricted file upload flaw. The vulnerability allows attackers to upload a web shell to the server, enabling the execution of arbitrary commands.

## Disclaimer

This tool is intended for educational and ethical security testing purposes only. I am not responsible for any misuse or damage caused by this tool. Users must have explicit permission to test the target systems.

## Prerequisites

Before using this tool, ensure you have Python 3.x installed on your system. You will also need the `requests` library, which can be installed using pip:

```sh
pip install requests
```

## Installation

Clone the repository or download the source code:

```sh
git clone https://github.com/RoboGR00t/Exploit-CVE-2024-26503
cd Exploit-CVE-2024-26503
```

No additional installation steps are required.

## Usage

The script requires three mandatory parameters:

- `-u`, `--username`: The username for login to the Open eClass platform.
- `-p`, `--password`: The password for login.
- `-e`, `--eclass`: The base URL of the Open eClass platform you wish to target.

Run the script with the required parameters like so:

```sh
python exploit-cve-2024-26503.py -u 'username' -p 'password' -e 'http://target-open-eclass.local'
```

![img](https://github.com/RoboGR00t/Exploit-CVE-2024-26503/raw/main/img.png)

## Cleanup

The script attempts to remove the uploaded web shell upon exiting the command execution mode. However, manual verification is recommended to ensure no traces are left behind.


## Acknowledgments

- Thanks to all the cybersecurity researchers and ethical hackers who contribute to the security community.
- Special thanks to the Open eClass team for their continuous efforts in improving platform security.



> **Please use this tool responsibly and ethically.**