## https://sploitus.com/exploit?id=8BBACE7A-77D2-5C4C-AE90-917BF1A4A6F5
# CVE-2025-49132_PoC
Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE) proof of concept exploit.
This is for use only in CTF's or on systems you own or are authorized to test.
This will likely work only on a CTF box with lax security. ๐
Use:
```
python3 exploit.py -h
usage: exploit.py [-h] [-c CMD] [-r READ] [-i] [--check-only] [--dump-configs] [--extract-secrets] [--db-exploit] target
Exploit CVE-2025-49132 - Pterodactyl Panel RCE
positional arguments:
target The target URL (e.g., http://example.com/)
options:
-h, --help show this help message and exit
-c, --cmd CMD Command to execute
-r, --read READ Read file. Use absolute path (e.g., '/etc/passwd') for any file, or relative (e.g., 'database') for
Laravel configs
-i, --interactive Interactive shell mode
--check-only Only check vulnerability
--dump-configs Dump all configuration files
--extract-secrets Extract all secrets and credentials
```