Full Disclosure mailing list archives
Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
From: str0ke <str0ke () milw0rm com>
Date: Sat, 15 Jul 2006 15:29:22 -0500
Jose, It works just fine. Tested on 7 test-bed hosts without an issue. /str0ke On 7/10/06, José Parrella <joseparrella () gmail com> wrote:
On 7/9/06, Alexander Hristov <joffer () gmail com> wrote: > Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit > Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html > Date : 2006-06-30 > Patch : update to version 1.290 > Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html Has anyone tested this? I've just tested this in Webmin 1.180 (Debian 3.1, package revision number 3) and didn't work (I had to explicitly allow the attacker IP to the miniserv.conf, which is not the default configuration in Debian and, I think, in Webmin's original tar.gz) Jose
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit Alexander Hristov (Jul 09)
- Message not available
- Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit str0ke (Jul 15)
- Message not available