Code Monkey home page Code Monkey logo

Comments (3)

monsieurDuke avatar monsieurDuke commented on June 21, 2024

Hi there, i followed your instructions. but when i finally finished the steps . I try to connect to cwp. https://xxx.xx.xx.xx:2031 , I got server 500 in response. I checked the log from cwp, PHP message: PHP Fatal error: The encoded file /usr/local/cwpsrv/htdocs/admin/index.php has expired. in Unknown on line 0" How did you try to avoid this and make cwp could be used ?

I haven't encounter that specific error actually. could you show me the snippet of the logs? and also is the error occurred from the part of the downgrade CWP section?

here is my index.php's md5 hash if you wanted to compare it

fe1bc27fd70f157bdd0f758bc3e99c5a  index.php

i'm also going to check on my end if the setup.txt is still capable on the current version (was tested on 0.9.8.1150)

from cve-2022-44877-white-box.

monsieurDuke avatar monsieurDuke commented on June 21, 2024

Ow I actually just found the workaround. It seems like each CWP's previous version got their own End-of-Life timeline. Which in this case for version 0.9.8.1146, is probably start from the first April of 2023

So what you wanted to do is actually revert the system clock to at least around March 2023. So for the testing purposes, I use timedatectl set-time to January 2023 in .bashrc file, so it wouldn't be a problem on further sessions

$ cat /root/.bashrc
...
timedatectl set-time 2023-01-01
service cwp-phpfpm restart & wait
service cwpsrv restart & wait
service cwpsrv-phpfpm restart & wait

$ source /root/.bashrc
Redirecting to /bin/systemctl restart cwp-phpfpm.service
[1]+  Done                    service cwp-phpfpm restart
Redirecting to /bin/systemctl restart cwpsrv.service
[1]+  Done                    service cwpsrv restart
Redirecting to /bin/systemctl restart cwpsrv-phpfpm.service
[1]+  Done                    service cwpsrv-phpfpm restart

That should do the trick for me. Thanks for the heads up, I really appreciate it 👌

from cve-2022-44877-white-box.

monsieurDuke avatar monsieurDuke commented on June 21, 2024

No actually dont put it in the .bashrc lol, I kept failing on the remote access since it keeps restarting. Just use the command manually

from cve-2022-44877-white-box.

Related Issues (2)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.