- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21183
- Проверка EDB
-
- Пройдено
- Автор
- A. RAMOS
- Тип уязвимости
- REMOTE
- Платформа
- CGI
- CVE
- cve-2001-1196
- Дата публикации
- 2001-12-17
Код:
source: https://www.securityfocus.com/bid/3698/info
Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Unix variants, providing it has been properly configured.
Webmin does not adequately filter '../' sequences from web requests, making it prone to directory traversal attacks. Furthermore, since Webmin is a facility for remote web-based administration of Unix systems, it requires root privileges. This vulnerability could be exploited to effectively disclose any file on a host running the affected software.
It may also be possible to edit files or place files on the server. This may lead to a remote root compromise.
http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+../../../../../etc/shadow- Источник
- www.exploit-db.com
