CVE-2022-44877

This repository contains a working proof-of-concept for CVE-2022-44877, an unauthenticated remote code execution vulnerability in CentOS Web Panel 7 versions prior to 0.9.8.1147. The exploit leverages command injection via the 'login' parameter in the login endpoint.

This repository contains a working proof-of-concept exploit for CVE-2022-44877, an unauthenticated remote code execution vulnerability in CentOS Web Panel 7. The exploit leverages command injection via the login parameter in /login/index.php to execute arbitrary system commands.

This repository contains a functional exploit for CVE-2022-44877, targeting CentOS Web Panel (CWP) to achieve remote code execution (RCE) via command injection. The PoC includes a reverse shell setup, payload generation, and credential extraction via REST API and John the Ripper.

This repository contains a bash script that tests for CVE-2022-44877, a command injection vulnerability in web servers. The script uses a time-based approach to detect vulnerability by measuring the response time of a crafted request.

This repository is a placeholder for CVE-2022-44877, an unauthenticated RCE in Control Web Panel 7 (CWP7). It currently contains no exploit code, only a README indicating a PoC will be added later.

This repository contains a bash script that tests for CVE-2022-44877, a command injection vulnerability in web servers. The script uses a time-based approach to detect vulnerability by measuring the response time of a crafted request.

This Go-based exploit targets CVE-2022-44877 in CentOS Web Panel, leveraging command injection via URL-encoded payloads to achieve remote code execution. It supports multiple C2 types (SSL reverse shell, simple reverse shell, bind shell) and uses base64 encoding for payload obfuscation.

This repository contains a functional exploit for CVE-2022-44877, targeting CentOS Web Panel (CWP) with a reverse shell payload. The exploit leverages command injection via crafted POST requests to achieve remote code execution (RCE) and includes utilities for setting up listeners, generating payloads, and extracting credentials.

This exploit leverages a command injection vulnerability in Control Web Panel 7 (CWP7) by injecting a cURL command into the login URL parameter, triggering an out-of-band callback to a listener. It bypasses authentication by exploiting improper input validation in the login endpoint.

This Metasploit module exploits an unauthenticated command injection vulnerability in Control Web Panel (CWP) versions < 0.9.8.1147. It leverages a flaw in the login.php file to execute arbitrary commands as the root user via a crafted POST request.

This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in CentOS Web Panel 7 versions prior to 0.9.8.1147. The vulnerability arises from improper handling of double quotes in the login parameter, allowing arbitrary command injection via a crafted POST request.