Exploit webmin 0.91 - Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21183
Проверка EDB
  1. Пройдено
Автор
A. RAMOS
Тип уязвимости
REMOTE
Платформа
CGI
CVE
cve-2001-1196
Дата публикации
2001-12-17
Код:
source: https://www.securityfocus.com/bid/3698/info

Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Unix variants, providing it has been properly configured.

Webmin does not adequately filter '../' sequences from web requests, making it prone to directory traversal attacks. Furthermore, since Webmin is a facility for remote web-based administration of Unix systems, it requires root privileges. This vulnerability could be exploited to effectively disclose any file on a host running the affected software.

It may also be possible to edit files or place files on the server. This may lead to a remote root compromise.

http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+../../../../../etc/shadow
 
Источник
www.exploit-db.com

Похожие темы