Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-32157 PoC — Webmin 跨站脚本漏洞

Source
https://github.com/dnr6419/CVE-2021-32157
Associated Vulnerability
Title:Webmin 跨站脚本漏洞 (CVE-2021-32157)
Description:A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
Description
Make it possible to build a vulnerable webmin virtual environment as a container using docker
Readme
# CVE-2021-32157
Make it possible to build a vulnerable webmin virtual environment as a container using docker

## Build 
If there is an error related to download, please comment on line 15 of dockerfile and run line 14 of dockerfile.
<pre>
 docker build -t VulnWebmin .
 docker run --name VulnWebmin -d --rm -p 10000:10000 VulnWebmin
</pre>

## Login 

<pre>
Go to http://[SERVER_IP]:10000
ID/Passsword : root/123456
</pre>

## Exploit
To use exploit script, Go to [Link](https://github.com/Mesh3l911/CVE-2021-32157/blob/main/eXploit.py)

<pre>
python3 eXploit.py
</pre>

## reference 
https://github.com/Mesh3l911/CVE-2021-32157/blob/main/eXploit.py
File Snapshot

 [4.0K]  /data/pocs/dc081f8f489a0a6f2e2621f9588693a5153d61e2
├── [ 865]  Dockerfile
├── [5.1K]  eXploit.py
├── [ 652]  README.md
└── [ 27M]  webmin_1.973_all.deb

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →