CVE-2012-2982 PoC — Webmin ‘file/show.cgi’任意命令执行漏洞

Source

https://github.com/0xF331-D3AD/CVE-2012-2982

Associated Vulnerability

Title:Webmin ‘file/show.cgi’任意命令执行漏洞 (CVE-2012-2982)
Description:Webmin是澳大利亚软件开发者Jamie Cameron和Webmin社区共同开发的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.590版本和较早版本中的file/show.cgi中存在漏洞。远程认证用户可利用该漏洞通过路径名中的无效字符如‘|’(竖线)字符，执行任意命令。

Readme

# CVE 2012-2982 EXPLOIT

## *Build*

> `mvn clean install`

## *Exploit*

> `java -jar ./target/CVE-2012-2982-1.0-SNAPSHOT-jar-with-dependencies.jar`

File Snapshot


 [4.0K]  /data/pocs/b8416bbe1618dba9dfb62a1cba6df6262087bf20
├── [2.9K]  pom.xml
├── [ 150]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            ├── [4.0K]  bodypublisher
            │   └── [ 822]  FormDataBodyPublisher.java
            ├── [4.0K]  dto
            │   └── [ 924]  CmdLineArgsDto.java
            ├── [4.0K]  exploit
            │   └── [4.5K]  Exploit.java
            ├── [4.0K]  main
            │   └── [ 763]  Main.java
            └── [4.0K]  util
                └── [ 665]  ExploitUtils.java

8 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!