Share
## https://sploitus.com/exploit?id=8BBACE7A-77D2-5C4C-AE90-917BF1A4A6F5
# CVE-2025-49132_PoC
Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE) proof of concept exploit.

This is for use only in CTF's or on systems you own or are authorized to test.

This will likely work only on a CTF box with lax security. ๐Ÿ˜‰

Use:
```
python3 exploit.py -h
usage: exploit.py [-h] [-c CMD] [-r READ] [-i] [--check-only] [--dump-configs] [--extract-secrets] [--db-exploit] target

Exploit CVE-2025-49132 - Pterodactyl Panel RCE

positional arguments:
  target             The target URL (e.g., http://example.com/)

options:
  -h, --help         show this help message and exit
  -c, --cmd CMD      Command to execute
  -r, --read READ    Read file. Use absolute path (e.g., '/etc/passwd') for any file, or relative (e.g., 'database') for
                     Laravel configs
  -i, --interactive  Interactive shell mode
  --check-only       Only check vulnerability
  --dump-configs     Dump all configuration files
  --extract-secrets  Extract all secrets and credentials
```