CVE-2022-0824 PoC — Improper Access Control to Remote Code Execution in webmin/webmin

Source

Associated Vulnerability

Description

Deployement of Webmin version 1.984 which is vulnerable to authenticated remote code execution exploit.

Readme

# CVE-2022-0824

[![Docker](https://github.com/cryst4lliz3/CVE-2022-0824/actions/workflows/docker.yml/badge.svg)](https://github.com/cryst4lliz3/CVE-2022-0824/actions/workflows/docker.yml)

> Deployement of Webmin version 1.984 which is vulnerable to authenticated remote code execution exploit.

## Description

In Webmin version 1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission, `chmod`. It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those functionalities in the file manager.

## Deployement

```bash
docker-compose up -d
```

## Login Credentials

```creds
root:password
```

## Volumes

```volumes
$PWD/CVE-2022-0824/data → /var/webmin

```

## Proof of Concept

## Impact

This vulnerability is capable of modifying the OS file system and executing OS Command with running application privilege.

## References

- https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0824
- https://www.webmin.com/security.html

File Snapshot

 [4.0K]  /data/pocs/7705de84459cb2eb40f8edec72c12d88ed7e297f
├── [ 221]  docker-compose.yaml
├── [1.0K]  LICENSE
├── [1.2K]  README.md
└── [4.0K]  webmin
    └── [1.4K]  Dockerfile

1 directory, 4 files

Remarks