exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration
Posted Aug 20, 2019
Authored by Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.

tags | exploit, web
systems | linux, centos
advisories | CVE-2019-13599
SHA-256 | cc0c55ccdb42fd51d11a4b01419284a4bc4b629d40b00b2b4ccebe57d7de4456

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration

Change Mirror Download
Exploit Title       : CWP (CentOS Control Web Panel) User enumerate through HTTP response time
Date : 15 Jul 2019
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage : https://control-webpanel.com/
Software Link : Not available, user panel only available for lastest version
Version : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number : CVE-2019-13599
Reference : https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13599.md


# Description

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times


# PoC

1. Login with valid user and invalid password, the server response time is about 250ms
2. Login with an invalid user and invalid password, the server response time is about 180ms

*The response time are also depend on the network speed. but however, when we log in with valid and invalid username, the response time will be different
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close