关联漏洞
标题:
Webmin 命令操作系统命令注入漏洞
(CVE-2019-15107)
描述:Webmin是一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.920及之前版本中的password_change.cgi存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
描述
A PoC exploit for CVE-2019-1510 - Webmin Command Injection.
介绍
# CVE-2019-15107 - Webmin RCE 💻🛑
The vulnerability is found in the 'old' parameter within the 'password_change.cgi' file of Webmin. It is prone to command injection attacks, allowing malicious actors to execute arbitrary commands by exploiting this weakness in the application.
# 🚨 Disclaimer
Please be aware that this exploit is provided solely for educational and research purposes. Any actions you undertake using this code are entirely your responsibility. The author(s) of this repository are not responsible for any misuse or damage caused.
### 🔐 Use this exploit responsibly and exclusively on authorized systems with proper permissions.
# 🤝 Contributing
Contributions are highly appreciated! If you encounter any issues or have suggestions for enhancements, feel free to open an issue or submit a pull request.
文件快照
[4.0K] /data/pocs/879dead98dc593edfae349ebae25afff543ce94a
├── [7.9K] CVE-2019-15107.py
├── [ 841] README.md
└── [ 62] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。