Skip to content
/ CVE-2019-15107 Public

webmin <=1.920 - RCE via command injection vulnerability

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

g1vi/CVE-2019-15107

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
exploit.sh
exploit.sh
 
 

Repository files navigation

CVE-2019-15107

https://www.cvedetails.com/cve/CVE-2019-15107/

An issue was discovered in Webmin <=1.920. The parameters "old" and "expire" in password_change.cgi contain a command injection vulnerability.

Usage

  1. Start a listener on red box.
   rlwrap -cAr nc -lvp 1919
  1. Run the exploit
   ./exploit.sh
  1. Arguments will be prompted:
    • ip address of the target
    • target port running webmin (usually 10000)
    • local listener port
    • local interface where the listener is running (eth0, tun0, etc)

Let the stuff run, a reverse shell is received on listener.

Example

image

License

Feel free to use or modify whenever and wherever you like

About

webmin <=1.920 - RCE via command injection vulnerability

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages