A short and sweet simple exploit script for the CVE-2012-2982 Authenticated RCE vulnerability in the /file/show.cgi/bin endpoint.# CVE-2012-2982-Exploit-Script
A short and sweet simple exploit script for the CVE-2012-2982 Authenticated RCE vulnerability in the /file/show.cgi/bin endpoint.
# Webmin RCE Exploit — CVE-2012-2982
This repository contains a Python proof-of-concept exploit for **Webmin <= 1.580**, targeting a known remote code execution vulnerability via the `/file/show.cgi/bin/` endpoint.
---
## 📌 Description
The exploit abuses unauthenticated shell command injection through crafted URLs, leveraging the `session_login.cgi` and `file/show.cgi/bin/` endpoints. If login credentials are valid and the target is vulnerable, an injected reverse shell payload is executed.
---
## ⚙️ Requirements
- Python 3.x
- `requests` library
- Netcat (for reverse shell listener)
---
## 🚀 Usage
### Run the exploit:
```bash
python3 exploit.py
````
### Start a listener BEFORE running exploit:
```bash
nc -lvnp <your-port>
```
---
## 🧠 Notes
* Payload defaults to a `bash -i` reverse shell.
* A trailing `|` in the injected payload is critical for successful execution.
* Tested against Webmin 1.580. Will likely work on versions previous.
---
## 🔒 Disclaimer
For educational and authorized testing use **only**.
Unauthorized use of this exploit is illegal and unethical. For which i take no responsibility.
[4.0K] /data/pocs/18668cc9e33c2197eed130ba95759973db07a7eb
└── [1.3K] README.md
0 directories, 1 file