Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2012-2982 PoC — Webmin ‘file/show.cgi’任意命令执行漏洞

Source
https://github.com/cd6629/CVE-2012-2982-Python-PoC
Associated Vulnerability
Title:Webmin ‘file/show.cgi’任意命令执行漏洞 (CVE-2012-2982)
Description:file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Description
This was converted from a metasploit module as an exercise for OSCP studying
Readme
# CVE-2012-2982-Python-PoC
This was converted from a metasploit module as an exercise for OSCP studying. It originally came from becoming frustrated with no public exploits to use manually for the box Gamezone from TryHackMe. I anaylzed the metasploit code and coverted it to python. 

Proof screenshot showing the user agent47:

![Alt text](https://gblobscdn.gitbook.com/assets%2F-M8-SyxgckWEMfZfndbo%2F-MDyvwy63_xsKXL4VW-A%2F-ME5--fR9TQL7EizAwXM%2Fimage.png?alt=media&token=79def17a-b655-4af0-9757-c0bef111cf0c "Proof")
File Snapshot

 [4.0K]  /data/pocs/6692de18db4116400484e5233c2940c5827166c1
├── [2.8K]  gamezone.py
├── [ 522]  README.md
└── [ 945]  web.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →