..| CVE-2021-31760 |..

Description :

Exploiting a Cross-site request forgery (CSRF) attack to get a Remote Command Execution (RCE) through the Webmin's running process feature

Tested Version :

Webmin 1.973 ( GitHub's latest version 07/03/2021 )

Attack Type:

Remote

Impact :

Remote Command Execution

eXploit's C0de POC :

YouTube POC :

https://youtu.be/D45FN8QrzDo

Vendor of Product :

https://www.webmin.com

Additional Information :

"Webmin is a web-based system administration tool for Unix-like servers, and services with over 1,000,000 installations worldwide. Using it, it is possible to configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify, and control open-source apps, such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more" According to Webmin's GitHub

Discoverers :

Mesh3l_911 & Z0ldyck
Twitter: @mesh3l_911 ,@electronicbots

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
RCE_eXploit.py		RCE_eXploit.py
README.md		README.md
exploitPOC.png		exploitPOC.png

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RCE_eXploit.py

RCE_eXploit.py

README.md

README.md

exploitPOC.png

exploitPOC.png

Repository files navigation

..| CVE-2021-31760 |..

Description :

Tested Version :

Attack Type:

Impact :

eXploit's C0de POC :

YouTube POC :

Vendor of Product :

Additional Information :

Discoverers :

About

Releases

Packages

Languages

electronicbots/CVE-2021-31760

Folders and files

Latest commit

History

Repository files navigation

..| CVE-2021-31760 |..

Description :

Tested Version :

Attack Type:

Impact :

eXploit's C0de POC :

YouTube POC :

Vendor of Product :

Additional Information :

Discoverers :

About

Resources

Stars

Watchers

Forks

Languages