CVE-2019-15107 PoC — Webmin 命令操作系统命令注入漏洞

Source

Associated Vulnerability

Description

Webmin-RCE-PoC-CVE-2019-15107 is a Python-based scanner that detects vulnerable Webmin (1.890 - 1.920) servers affected by CVE-2019-15107, an unauthenticated remote code execution (RCE) vulnerability in the /password_change.cgi endpoint.

Readme

# Webmin CVE-2019-15107 Vulnerability Scanner

A multi-threaded Python scanner to detect Webmin servers vulnerable to CVE-2019-15107 (authenticated RCE vulnerability in Webmin versions 1.890 through 1.920).

## Description

This tool scans a list of Webmin servers (provided in CSV format) and checks for the CVE-2019-15107 vulnerability, which allows remote code execution through the password_change.cgi endpoint. The scanner is multi-threaded for efficient scanning of large networks and provides color-coded output for easy result interpretation.

## Features

- Multi-threaded scanning for fast results
- CSV input file support (HOST:IP:PORT format)
- Color-coded terminal output (green/red/yellow for vulnerable/non-vulnerable/errors)
- Real-time scanning statistics
- Automatic saving of vulnerable hosts to `vulnerable_hosts.txt`
- Detailed scan summary report

## Vulnerability Details

**CVE-2019-15107**: An authenticated remote code execution vulnerability in Webmin versions 1.890 through 1.920. The vulnerability exists in the password_change.cgi endpoint, which allows command injection via the `expired` parameter.

## Installation

1. Clone this repository:
   ```bash
   git clone https://github.com/mattb709/CVE-2019-15107-Scanner.git
   cd CVE-2019-15107-Scanner
   ```

2. Install the required dependencies:
   ```bash
   pip install requests colorama
   ```

## Usage

1. Prepare a CSV file (`targets.csv`) with your target hosts in the following format:
   ```
   HOST,IP,PORT
   server1,192.168.1.1,10000
   server2,10.0.0.2,10000
   ```

   (If PORT is empty, default port 10000 will be used)

2. Run the scanner:
   ```bash
   python CVE-2019-15107-Scanner.py targets.csv
   ```

3. For faster scanning with multiple threads (e.g., 10 threads):
   ```bash
   python CVE-2019-15107-Scanner.py targets.csv --threads 10
   ```

## Output Example

```
[*] Starting Webmin CVE-2019-15107 Scanner
[*] Loading targets from: targets.csv
[*] Using 5 threads

[+] VULNERABLE: 192.168.1.1:10000
    Command output: uid=0(root) gid=0(root) groups=0(root)

[-] Not vulnerable: 10.0.0.2:10000
[!] Error: 10.0.0.3:10000 - Connection timeout

=== SCAN SUMMARY ===
Vulnerable hosts: 1
Non-vulnerable hosts: 1
Errors: 1
Total hosts scanned: 3

Vulnerable hosts saved to 'vulnerable_hosts.txt'
```

## Output Files

- `vulnerable_hosts.txt`: Contains all identified vulnerable hosts in IP:PORT format

## Disclaimer

This tool is intended for authorized security testing and research purposes only. The author is not responsible for any misuse or damage caused by this program. Always obtain proper authorization before scanning any systems.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## References

- [CVE-2019-15107](https://nvd.nist.gov/vuln/detail/CVE-2019-15107)
- [Webmin Security Advisory](https://www.webmin.com/security.html)

File Snapshot

 [4.0K]  /data/pocs/aed6e3d96eab7903042a8bc57a250b63ebe1752f
├── [4.7K]  CVE-2019-15107-Scanner.py
├── [1.0K]  LICENSE
├── [2.8K]  README.md
└── [  33]  requirements.txt

0 directories, 4 files

Remarks