Information

Product             : CWP Control Web Panel
Vulnerability Name  : User panel login bypass
Version             : 0.9.8.838
Fixed on            : 0.9.8.848
Tested on           : CentOS 7.6.1810 (Core)
Reference           : http://centos-webpanel.com/
                    : https://control-webpanel.com/changelog
CVE-Number          : CVE-2019-13605

Description

By leveraging knowledge of a valid username, remote attackers can bypass the login process and become the target user.

Reproduce

  1. Create and log in with the target username on a testing environment

  2. Save the HTTP response body

  3. The token result from a different server with the same username

  4. Against the real target, log in and intercept the response, replacing the token value with the one we obtained from our testing environment

  5. Replace part of the target URL and the request body with the target username

  6. Become

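Steps 3 and 4 rely on one property: the login token is the same for a given username on unrelated installs, so a token minted on a test server is accepted by the target. The following is an added illustration, not CWP's code, and does not claim to show how CWP actually derived its token; PortableTokenServer uses a constructed username-only scheme as a stand-in for that property, BoundTokenServer shows the usual fix (a random token recorded server-side at login), and the two check functions mirror the advisory's comparison and replay.

```python
import hashlib
import hmac
import secrets

# Constructed toy models for the property the advisory describes; not CWP's code.


class PortableTokenServer:
    """Hypothetical server whose login token is a function of the username alone.
    The derivation is a placeholder; the advisory does not state CWP's."""

    def login(self, username: str) -> str:
        return hashlib.sha256(username.encode()).hexdigest()

    def is_valid(self, username: str, token: str) -> bool:
        # No server-side state: any install can compute an acceptable token.
        return hmac.compare_digest(token, self.login(username))


class BoundTokenServer:
    """Hardened model: unpredictable token, valid only on the install that issued it."""

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}

    def login(self, username: str) -> str:
        token = secrets.token_hex(32)  # 256 bits of CSPRNG output
        self._sessions[token] = username
        return token

    def is_valid(self, username: str, token: str) -> bool:
        # Only tokens this install issued, for this user, are accepted.
        return self._sessions.get(token) == username


def tokens_equal_across_installs(server_cls, username: str) -> bool:
    """Step 3 as a check: do two independent installs issue the same token?"""
    return server_cls().login(username) == server_cls().login(username)


def token_from_other_install_accepted(server_cls, username: str) -> bool:
    """Step 4 as a check: does the target accept a token minted elsewhere?"""
    other_install, target = server_cls(), server_cls()
    target.login(username)  # the real user has a live session on the target
    foreign_token = other_install.login(username)
    return target.is_valid(username, foreign_token)
```

A regression test for a fix of this class should assert both checks return False, as they do for BoundTokenServer.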

Timeline

2019-07-07: Discovered the bug
2019-07-07: Reported to vendor
2019-07-07: Vendor accepted the vulnerability
2019-07-11: The vulnerability has been fixed
2019-07-15: Advisory published

Discovered by

Pongtorn Angsuchotmetee