Recently two critical vulnerabilities were detected by the cybersecurity analysts of Octagon Networks in the Control Web Panel (formerly also known as CentOS Web Panel) that is commonly known as CWP as well. Due to this bug, an attacker can easily execute code as root on Linux servers.
The CWP is a web hosting management software that is used by more than 200,000 unique servers, and it’s primarily found on cyber search engines like:-
In total there are two critical vulnerabilities were detected, and they are:-
The threat actors can exploit these critical vulnerabilities in the CWP panel that are already exposed in the webroot without authentication.
There are two specific pages in which the experts have focused on for further analysis, and here they are:-
At this stage, an attacker needs to transform the include statement only to exploit the vulnerability and, from a remote resource inject malicious code remotely.
However, before the execution of the server, the included statement inserts the content of one PHP file into another PHP file to transform or alter it.
Here, the application will not process the input if the parameter “scripts” contains “..” (two dots); in short, in that case, by displaying the “hacking attempt” to the user it will exit.
Here we have mentioned below all the potential bypassing methods:-
This could be executed by following three steps, and here we have mentioned them below:-
Moreover, the file inclusion vulnerability (CVE-2021-45467) was already patched, but, the experts have affirmed that there are threat actors who successfully manage to reverse the patch to exploit servers.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…