### [CVE-2006-3392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0x0d3ad/Kn0ck
- https://github.com/0xtz/CVE-2006-3392
- https://github.com/5l1v3r1/0rion-Framework
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Adel-kaka-dz/CVE-2006-3392
- https://github.com/AnonOpsVN24/Aon-Sploit
- https://github.com/Aukaii/notes
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/IvanGlinkin/CVE-2006-3392
- https://github.com/MrEmpy/CVE-2006-3392
- https://github.com/Prodject/Kn0ck
- https://github.com/YgorAlberto/Ethical-Hacker
- https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/capturePointer/libxploit
- https://github.com/dcppkieffjlpodter/libxploit
- https://github.com/elstr-512/PentestPwnOs
- https://github.com/g1vi/CVE-2006-3392
- https://github.com/gb21oc/ExploitWebmin
- https://github.com/htrgouvea/spellbook
- https://github.com/kernel-cyber/CVE-2006-3392
- https://github.com/kostyll/libxploit
- https://github.com/oneplus-x/Sn1per
- https://github.com/oxagast/oxasploits
- https://github.com/samba234/Sniper
- https://github.com/tobor88/Bash
- https://github.com/unusualwork/Sn1per
- https://github.com/windsormoreira/CVE-2006-3392
- https://github.com/xen00rw/CVE-2006-3392