Bugtraq mailing list archives
Webmin 1.050 - 1.060 remote exploit
From: Carl Livitt <carl () learningshophull co uk>
Date: Mon, 24 Feb 2003 12:45:43 +0000
Hi all, Attached is an exploit for the latest Webmin vulnerability. It relies on a non-default setting (passdelay) to be enabled. Webmin can verify user authentication by use of a session ID (SID) that is assigned when a user successfully authenticates to Webmin. It is possible to inject a fake SID into the session ID database by using a malicious username containing control sequences used internally by Webmin. This exploit simply creates a SID of 1234567890 for the user 'admin'. Then, it is a simple case of creating a cookie in your favorite browser containing: sid=1234567890; testing=1 Such that the Cookie HTTP header contains: Cookie: sid=1234567890; testing=1 When the webmin server recieves this cookie, it is verified as an authentic SID and an attacker can take complete control of the Webmin server... this is basically root access to the box it is running on. Cheers, Carl
Attachment:
webmin-exploit.pl
Description:
Current thread:
- Webmin 1.050 - 1.060 remote exploit Carl Livitt (Feb 24)