Webmin Package Updates Command Injection

Posted by deepcore on August 11, 2022 – 9:27 pm

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws Zimbra zmslapd Privilege Escalation »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Webmin Package Updates Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL