Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2012-2982 PoC — Webmin ‘file/show.cgi’任意命令执行漏洞

Source
https://github.com/Shadow-Spinner/CVE-2012-2982_python
Associated Vulnerability
Title:Webmin ‘file/show.cgi’任意命令执行漏洞 (CVE-2012-2982)
Description:Webmin是澳大利亚软件开发者Jamie Cameron和Webmin社区共同开发的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.590版本和较早版本中的file/show.cgi中存在漏洞。远程认证用户可利用该漏洞通过路径名中的无效字符如‘|’(竖线)字符,执行任意命令。
Readme
# CVE-2012-2982 Exploit (python)
Hello, I am a security researcher and this is my first exploit.
Webmin 1.580 has a RCE which is also CVE-2012-2982

To use This payload:
1. download
2. Open in text editor!
3. change targetIP to your target
4. change lhost to your own ip
5. change lport to the port number in which listener will run
6. And lastly {'page' : "%2F", 'user' : "user1", 'pass' : "1user"} here default user name is "user1" change it with your own and "1user is the default password change it with your own.
7. run the listener (nc -nlvp {lport})
8. run the exploit (python mal.py)
File Snapshot

 [4.0K]  /data/pocs/5795f07b1cb58707ff8d2c7b1349850c83d3efbc
├── [ 953]  mal.py
└── [ 592]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.