Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-26503 PoC — Open eClass Platform 安全漏洞

Source
https://github.com/RoboGR00t/Exploit-CVE-2024-26503
Associated Vulnerability
Title:Open eClass Platform 安全漏洞 (CVE-2024-26503)
Description:Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
Description
Exploit for Open eClass – CVE-2024-26503: Unrestricted File Upload Leads to Remote Code Execution
Readme
# Open eClass RCE Exploit Tool

This tool is designed to exploit a known vulnerability (CVE-2024-26503) in Open eClass platforms, allowing for remote code execution (RCE) through an unrestricted file upload flaw. The vulnerability allows attackers to upload a web shell to the server, enabling the execution of arbitrary commands.

## Disclaimer

This tool is intended for educational and ethical security testing purposes only. I am not responsible for any misuse or damage caused by this tool. Users must have explicit permission to test the target systems.

## Prerequisites

Before using this tool, ensure you have Python 3.x installed on your system. You will also need the `requests` library, which can be installed using pip:

```sh
pip install requests
```

## Installation

Clone the repository or download the source code:

```sh
git clone https://github.com/RoboGR00t/Exploit-CVE-2024-26503
cd Exploit-CVE-2024-26503
```

No additional installation steps are required.

## Usage

The script requires three mandatory parameters:

- `-u`, `--username`: The username for login to the Open eClass platform.
- `-p`, `--password`: The password for login.
- `-e`, `--eclass`: The base URL of the Open eClass platform you wish to target.

Run the script with the required parameters like so:

```sh
python exploit-cve-2024-26503.py -u 'username' -p 'password' -e 'http://target-open-eclass.local'
```

![img](https://github.com/RoboGR00t/Exploit-CVE-2024-26503/raw/main/img.png)

## Cleanup

The script attempts to remove the uploaded web shell upon exiting the command execution mode. However, manual verification is recommended to ensure no traces are left behind.


## Acknowledgments

- Thanks to all the cybersecurity researchers and ethical hackers who contribute to the security community.
- Special thanks to the Open eClass team for their continuous efforts in improving platform security.



> **Please use this tool responsibly and ethically.**
File Snapshot

 [4.0K]  /data/pocs/006fb22aa90a6d0589bf0f14d6dbf31d2a9cb816
├── [4.2K]  exploit-cve-2024-26503.py
├── [ 60K]  img.png
└── [1.9K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →