Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2012-2982 PoC — Webmin ‘file/show.cgi’任意命令执行漏洞

Source
https://github.com/0xF331-D3AD/CVE-2012-2982
Associated Vulnerability
Title:Webmin ‘file/show.cgi’任意命令执行漏洞 (CVE-2012-2982)
Description:file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Readme
# CVE 2012-2982 EXPLOIT

## *Build*

> `mvn clean install`

## *Exploit*

> `java -jar ./target/CVE-2012-2982-1.0-SNAPSHOT-jar-with-dependencies.jar`
File Snapshot

 [4.0K]  /data/pocs/b8416bbe1618dba9dfb62a1cba6df6262087bf20
├── [2.9K]  pom.xml
├── [ 150]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            ├── [4.0K]  bodypublisher
            │   └── [ 822]  FormDataBodyPublisher.java
            ├── [4.0K]  dto
            │   └── [ 924]  CmdLineArgsDto.java
            ├── [4.0K]  exploit
            │   └── [4.5K]  Exploit.java
            ├── [4.0K]  main
            │   └── [ 763]  Main.java
            └── [4.0K]  util
                └── [ 665]  ExploitUtils.java

8 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →