CVE-2021-32157 PoC — Webmin 跨站脚本漏洞

Source

https://github.com/dnr6419/CVE-2021-32157

Associated Vulnerability

Title:Webmin 跨站脚本漏洞 (CVE-2021-32157)
Description:Webmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.973 版本存在跨站脚本漏洞，该漏洞源于计划的 Cron 作业功能缺少过滤与转义。

Description

Make it possible to build a vulnerable webmin virtual environment as a container using docker

Readme

# CVE-2021-32157
Make it possible to build a vulnerable webmin virtual environment as a container using docker

## Build 
If there is an error related to download, please comment on line 15 of dockerfile and run line 14 of dockerfile.
<pre>
 docker build -t VulnWebmin .
 docker run --name VulnWebmin -d --rm -p 10000:10000 VulnWebmin
</pre>

## Login 

<pre>
Go to http://[SERVER_IP]:10000
ID/Passsword : root/123456
</pre>

## Exploit
To use exploit script, Go to [Link](https://github.com/Mesh3l911/CVE-2021-32157/blob/main/eXploit.py)

<pre>
python3 eXploit.py
</pre>

## reference 
https://github.com/Mesh3l911/CVE-2021-32157/blob/main/eXploit.py

File Snapshot


 [4.0K]  /data/pocs/dc081f8f489a0a6f2e2621f9588693a5153d61e2
├── [ 865]  Dockerfile
├── [5.1K]  eXploit.py
├── [ 652]  README.md
└── [ 27M]  webmin_1.973_all.deb

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!