CyberPanel v2.3.6 Pre-Auth RCE Exploit leverages a critical Remote Code Execution vulnerability in CyberPanel version 2.3.6. Thanks to DreyAnd’s exceptional work, this vulnerability is well-documented and thoroughly explained.
⭐ Don’t forget to follow DreyAnd on GitHub for more security insights and tools. His contributions are invaluable to the security community!
The exploit targets the /dataBases/upgrademysqlstatus endpoint, which mishandles the statusfile parameter, allowing unauthorized command execution on the target server.
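For defenders, requests to this endpoint can be hunted in web access logs. The Python below is an added example, not part of this repository's code; it assumes Combined Log Format access logs and matches on the request path alone rather than on the statusfile value, and its sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named on this page, lowercased for case-insensitive comparison.
TARGET_PATH = "/databases/upgrademysqlstatus"

# Assumed format: Combined Log Format (ip ident user [time] "request" status ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, decode percent-escapes twice, collapse slashes."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # second pass catches double-encoded paths
        path = unquote(path)
    return re.sub(r"/+", "/", path).rstrip("/").lower()

def find_hits(lines):
    """Return {client_ip: [(time, method, status), ...]} for the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m["target"]) == TARGET_PATH:
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:01:02 +0000] "POST /dataBases/upgrademysqlstatus HTTP/1.1" 200 51 "-" "-"',
    '203.0.113.7 - - [01/Jan/2025:10:01:05 +0000] "GET /dataBases//upgrademysqlstatus/ HTTP/1.1" 403 12 "-" "-"',
    '198.51.100.20 - - [01/Jan/2025:11:30:00 +0000] "GET /databases/%75pgrademysqlstatus?x=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.9 - - [01/Jan/2025:12:00:00 +0000] "GET /static/app.css HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_hits(SAMPLE).items():
        for when, method, status in events:
            print(f"{ip} {when} {method} -> HTTP {status}")
```

A hit only shows that the endpoint was requested; the response status and the host's activity around that time determine what follow-up is needed.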
- 📢 Check out LeakIX’s latest update on exploitable CyberPanel instances.
- 🔗 See over 22,000 results on LeakIX related to CyberPanel.
- 💻 Interactive Shell for on-the-fly command execution on a target server.
- 📂 Bulk Exploitation with multithreading for multiple targets.
- 📝 Output File Support for saving results during bulk operations.
- Clone this repository:
  git clone https://github.com/Chocapikk/CyberPanel
  cd CyberPanel
- Install dependencies:
  pip install -r requirements.txt
Run the tool with the options provided below.
Basic Commands:
- Single target in interactive mode:
  python exploit.py -u http://example.org
- Multiple targets from a file with output:
  python exploit.py -f targets.txt -o results.txt -t 10 "uname -a"
This tool is intended solely for educational purposes and authorized security testing. Unauthorized use of this tool on systems without explicit permission from the owner is illegal and unethical. The developer assumes no liability or responsibility for misuse or damage caused by this tool.
Use responsibly and only on systems you own or have explicit permission to test.