This tool targets a vulnerability in CloudPanel 2 versions prior to 2.3.1. The flaw resides in the insecure file-manager cookie authentication, which can be exploited to achieve Remote Code Execution (RCE) with root privileges.
For comprehensive details regarding this vulnerability, please refer to the official CVE listing: CVE-2023-35885
Description from NVD:
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication leading to Remote Code Execution as root.
-
Single URL Mode:
python3.10 exploit.py -u https://TARGET_URL:PORT
This mode will check the vulnerability on a single URL and if successful, will drop you into an interactive shell.
-
File Mode:
python3.10 exploit.py -f file_with_urls.txt
This mode allows you to check multiple URLs at once. Each line in the file should contain one URL.
-
Output Vulnerable URLs to File:
python3.10 exploit.py -f file_with_urls.txt -o output.txt
Use the
-o
flag to write vulnerable URLs to an output file. -
Threads:
python3.10 exploit.py -f file_with_urls.txt -t 20
Adjust the number of threads for concurrent testing using the
-t
flag. The default is 10.
This tool is intended for educational and research purposes only. Do not use it against any system without explicit permission. The author or any associated parties are not responsible for any misuse or damage resulting from the use of this tool.