关联漏洞
标题:
Webmin 命令操作系统命令注入漏洞
(CVE-2019-15107)
描述:Webmin是一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.920及之前版本中的password_change.cgi存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
描述
Webmin-RCE-PoC-CVE-2019-15107 is a Python-based scanner that detects vulnerable Webmin (1.890 - 1.920) servers affected by CVE-2019-15107, an unauthenticated remote code execution (RCE) vulnerability in the /password_change.cgi endpoint.
介绍
# Webmin CVE-2019-15107 Vulnerability Scanner
A multi-threaded Python scanner to detect Webmin servers vulnerable to CVE-2019-15107 (authenticated RCE vulnerability in Webmin versions 1.890 through 1.920).
## Description
This tool scans a list of Webmin servers (provided in CSV format) and checks for the CVE-2019-15107 vulnerability, which allows remote code execution through the password_change.cgi endpoint. The scanner is multi-threaded for efficient scanning of large networks and provides color-coded output for easy result interpretation.
## Features
- Multi-threaded scanning for fast results
- CSV input file support (HOST:IP:PORT format)
- Color-coded terminal output (green/red/yellow for vulnerable/non-vulnerable/errors)
- Real-time scanning statistics
- Automatic saving of vulnerable hosts to `vulnerable_hosts.txt`
- Detailed scan summary report
## Vulnerability Details
**CVE-2019-15107**: An authenticated remote code execution vulnerability in Webmin versions 1.890 through 1.920. The vulnerability exists in the password_change.cgi endpoint, which allows command injection via the `expired` parameter.
## Installation
1. Clone this repository:
```bash
git clone https://github.com/mattb709/CVE-2019-15107-Scanner.git
cd CVE-2019-15107-Scanner
```
2. Install the required dependencies:
```bash
pip install requests colorama
```
## Usage
1. Prepare a CSV file (`targets.csv`) with your target hosts in the following format:
```
HOST,IP,PORT
server1,192.168.1.1,10000
server2,10.0.0.2,10000
```
(If PORT is empty, default port 10000 will be used)
2. Run the scanner:
```bash
python CVE-2019-15107-Scanner.py targets.csv
```
3. For faster scanning with multiple threads (e.g., 10 threads):
```bash
python CVE-2019-15107-Scanner.py targets.csv --threads 10
```
## Output Example
```
[*] Starting Webmin CVE-2019-15107 Scanner
[*] Loading targets from: targets.csv
[*] Using 5 threads
[+] VULNERABLE: 192.168.1.1:10000
Command output: uid=0(root) gid=0(root) groups=0(root)
[-] Not vulnerable: 10.0.0.2:10000
[!] Error: 10.0.0.3:10000 - Connection timeout
=== SCAN SUMMARY ===
Vulnerable hosts: 1
Non-vulnerable hosts: 1
Errors: 1
Total hosts scanned: 3
Vulnerable hosts saved to 'vulnerable_hosts.txt'
```
## Output Files
- `vulnerable_hosts.txt`: Contains all identified vulnerable hosts in IP:PORT format
## Disclaimer
This tool is intended for authorized security testing and research purposes only. The author is not responsible for any misuse or damage caused by this program. Always obtain proper authorization before scanning any systems.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## References
- [CVE-2019-15107](https://nvd.nist.gov/vuln/detail/CVE-2019-15107)
- [Webmin Security Advisory](https://www.webmin.com/security.html)
文件快照
[4.0K] /data/pocs/aed6e3d96eab7903042a8bc57a250b63ebe1752f
├── [4.7K] CVE-2019-15107-Scanner.py
├── [1.0K] LICENSE
├── [2.8K] README.md
└── [ 33] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。