Webmin 1.900 Upload Authenticated Remote Command Execution

Posted by deepcore on March 16, 2019 – 8:50 pm

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the “Upload and Download” module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Root Cause Of The CVE-2019-0808 Kernel Privilege Escalation BMC Patrol Agent Privilege Escalation / Command Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Webmin 1.900 Upload Authenticated Remote Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL