### Vulnerability Overview - **Project Name**: CentOS-WebPanel - **Description**: Proof-of-Concept (PoC) script demonstrating vulnerabilities in CentOS Web Panel. ### Vulnerability Types - **Pre-Auth RCE** - **Affected Versions**: <= 0.9.8.1120 - **Exploitation Method**: Achieves remote code execution with root privileges by combining a local file inclusion vulnerability and command injection. - **Account Takeover** - **Exploitation Method**: Exploits predictable data generation for reset tokens, allowing attackers to reset passwords for any user account. - **Internal API** - **Issue**: Internal API is unprotected; any user with file manager access can invoke the API. - **Exposed Functions**: Account listing, modification, and creation functionalities are exposed. - **Run Command as root (User Login)** - **Issue**: Command injection vulnerability in the user login process, exploiting the `user_lang` parameter to gain root privileges. - **Exploitation Method**: Requires valid username and password; can be combined with account takeover vulnerabilities. - **Run Command as root (User Modules)** - **Affected Versions**: <= 0.9.8.1124 - **Exploitation Method**: Command injection via POST parameters in multiple modules to achieve root privilege execution. ### Vulnerable Modules - Command Injection in DNS Record Addition - Command Injection in Database Optimization - Command Injection in Disk Usage - Command Injection in SSL Certificate Information - Command Injection in Error Log Viewer ### Detection Methods - **Shodan**: Provides specific search URL. - **Identification Signatures**: `Server: cwpsrv`, `Set-Cookie: cwpsrv-` ### Summary The above information highlights multiple critical vulnerabilities in CentOS Web Panel, including privilege escalation, account takeover, unprotected internal APIs, and command injection. Attackers can exploit these vulnerabilities to gain full control over the system.