https://github.com/chocapikk/cyberpanel
CyberPanel v2.3.6 Pre-Auth RCE Exploit Tool
- Host: GitHub
- URL: https://github.com/chocapikk/cyberpanel
- Owner: Chocapikk
- Created: 2024-10-28T17:23:46.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-28T17:56:02.000Z (about 1 year ago)
- Last Synced: 2025-06-01T11:13:53.991Z (8 months ago)
- Language: Python
- Size: 7.81 KB
- Stars: 4
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CyberPanel v2.3.6 Pre-Auth RCE Exploit Tool
CyberPanel v2.3.6 Pre-Auth RCE Exploit leverages a critical Remote Code Execution vulnerability in CyberPanel version 2.3.6. Thanks to [DreyAnd's exceptional work](https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce), this vulnerability is well-documented and thoroughly explained.
> **Don't forget to [follow DreyAnd on GitHub](https://github.com/DreyAnd) for more security insights and tools.** His contributions are invaluable to the security community!
---
### Overview
The exploit targets the **`/dataBases/upgrademysqlstatus`** endpoint, which mishandles the `statusfile` parameter, allowing unauthorized command execution on the target server.
- Check out [LeakIX's latest update on exploitable CyberPanel instances](https://x.com/leak_ix/status/1850949064826745202).
- **See over [22,000 results on LeakIX](https://leakix.net/) related to CyberPanel**.
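
A defender-side check for the endpoint named above, added here as an example and not part of this repository's code: it scans web access logs for any request to `/dataBases/upgrademysqlstatus` and groups the hits by client address. The combined log format, the function names and the sample lines are assumptions; access logs normally record only the request line, so the match is on the path rather than on `statusfile`.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the README; compared after normalisation (lowercased).
TARGET_PATH = "/databases/upgrademysqlstatus"

# Assumption: the server writes the common "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase.

    Deliberately liberal: over-matching is acceptable for a hunting query.
    """
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path.lower()

def find_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for TARGET_PATH."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalise(m["target"]) == TARGET_PATH:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [29/Oct/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.9 - - [29/Oct/2024:10:01:05 +0000] "POST /dataBases/upgrademysqlstatus HTTP/1.1" 200 64 "-" "python-requests/2.31"',
    '203.0.113.9 - - [29/Oct/2024:10:01:09 +0000] "GET /dataBases/%75pgrademysqlstatus/?x=1 HTTP/1.1" 403 12 "-" "python-requests/2.31"',
    '192.0.2.44 - - [29/Oct/2024:10:02:30 +0000] "POST //databases/upgrademysqlstatus HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [29/Oct/2024:10:03:00 +0000] "GET /dataBases/upgrademysqlstatusx HTTP/1.1" 404 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, events in sorted(find_hits(SAMPLE).items()):
        print(ip, len(events), "request(s):", events)
```

Any hit from an address that is not an administrator's is worth triaging, whatever the response status.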
---
### Features
- **Interactive Shell** for on-the-fly command execution on a target server.
- **Bulk Exploitation** with multithreading for multiple targets.
- **Output File Support** for saving results during bulk operations.
---
### Installation
1. **Clone this repository**:
```bash
git clone https://github.com/Chocapikk/CyberPanel
cd CyberPanel
```
2. **Install dependencies**:
```bash
pip install -r requirements.txt
```
---
### Usage
Run the tool with the options provided below.
**Basic Commands**:
- **Single target in interactive mode**
```bash
python exploit.py -u http://example.org
```
- **Multiple targets from a file with output**
```bash
python exploit.py -f targets.txt -o results.txt -t 10 "uname -a"
```
### Disclaimer
This tool is intended solely for educational purposes and authorized security testing. **Unauthorized use of this tool on systems without explicit permission from the owner is illegal and unethical.** The developer assumes no liability or responsibility for misuse or damage caused by this tool.
**Use responsibly and only on systems you own or have explicit permission to test.**