mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1.9 KiB
1.9 KiB
CVE-2006-3392
Description
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
POC
Reference
No PoCs from references.
Github
- https://github.com/0x0d3ad/Kn0ck
- https://github.com/0xtz/CVE-2006-3392
- https://github.com/5l1v3r1/0rion-Framework
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Adel-kaka-dz/CVE-2006-3392
- https://github.com/AnonOpsVN24/Aon-Sploit
- https://github.com/Aukaii/notes
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/IvanGlinkin/CVE-2006-3392
- https://github.com/MrEmpy/CVE-2006-3392
- https://github.com/Prodject/Kn0ck
- https://github.com/YgorAlberto/Ethical-Hacker
- https://github.com/YgorAlberto/ygoralberto.github.io
- https://github.com/capturePointer/libxploit
- https://github.com/dcppkieffjlpodter/libxploit
- https://github.com/elstr-512/PentestPwnOs
- https://github.com/g1vi/CVE-2006-3392
- https://github.com/gb21oc/ExploitWebmin
- https://github.com/htrgouvea/spellbook
- https://github.com/kernel-cyber/CVE-2006-3392
- https://github.com/kostyll/libxploit
- https://github.com/oneplus-x/Sn1per
- https://github.com/oxagast/oxasploits
- https://github.com/samba234/Sniper
- https://github.com/tobor88/Bash
- https://github.com/unusualwork/Sn1per
- https://github.com/windsormoreira/CVE-2006-3392
- https://github.com/xen00rw/CVE-2006-3392