Webmin 1.910 exploitation


This article covers the exploitation of a vulnerability in Webmin 1.910. According to the CVE, “any registered user on the Webmin interface can execute root command by changing the data parameter in package update”. We are going to use Burp Suite for this demonstration.

Before starting the demonstration, let me be clear: this article is only for educational purposes, the author is not responsible for any misuse, and the demonstration was not performed on any live organization. We strongly believe in ethical hacking.

Prerequisite:

Burp Suite, Webmin 1.910

Steps of Exploitation:


1. Log in to the Webmin interface with a normal user's credentials, go to the dashboard, click System, then Software Package Updates. You will see the Update Selected Packages button.

Dashboard -> System -> Software Package Updates

2. Turn on intercept in Burp Suite and then click the Update Selected Packages button. Once the request is captured, the next step is to change the data parameter. The data is URL-encoded, so we need to encode our code before making the injection. Use any online or offline tool to URL-encode the data. Once done, append the code to the data parameter. That's all we need to do.
    This is how the response looks, and it shows the command execution.
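
A defensive check for the tampering described in step 2, as an added example that is not part of the original article: it URL-decodes each `data` value from a captured request body and flags any value that is not a plain package identifier. The allowlist pattern, the `(user, body)` record layout and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate value is a package name, optionally followed by
# '/'-separated fields (e.g. a source or version) using the same characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9+._:~-]*(/[A-Za-z0-9+._:~-]*)*")


def suspicious_data_values(body: str, param: str = "data") -> list[str]:
    """Return decoded `param` values that are not plain package identifiers.

    `param` defaults to the name used in the article; pass another name if
    the captured request uses a different field.
    """
    flagged = []
    # parse_qsl URL-decodes once, the same way the server-side form parser
    # would, so the check sees what the application sees. A value that is
    # still percent-encoded after decoding fails the allowlist as well.
    for name, value in parse_qsl(body):
        if name == param and not SAFE_VALUE.fullmatch(value):
            flagged.append(value)
    return flagged


def review_requests(records):
    """records: iterable of (user, form_body). Returns [(user, bad_value), ...]."""
    alerts = []
    for user, body in records:
        for value in suspicious_data_values(body):
            alerts.append((user, value))
    return alerts


# Constructed sample bodies (not captured from a real Webmin instance).
CONSTRUCTED_RECORDS = [
    ("alice", "data=apache2%2Fapt&data=openssl%2Fapt"),
    ("bob", "data=apache2%2Fapt&data=%3B+id"),
]

if __name__ == "__main__":
    for user, value in review_requests(CONSTRUCTED_RECORDS):
        print(f"ALERT user={user} unexpected data value: {value!r}")
```

The same allowlist, applied server-side before the value reaches a shell, is the corresponding input-validation control; upgrading past the affected Webmin version remains the actual fix.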

 
    
