CVE 2022 36446 Webmin Software Package Updates RCE

A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.

Project README


Features

  • Supports HTTP and HTTPS (even with self-signed certificates with --insecure).
  • Single command execution with --command option.
  • Interactive console with --interactive option.

Usage

$ ./CVE-2022-36446.py -h
CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated) v1.1 - by @podalirius_

usage: CVE-2022-36446.py [-h] -t TARGET [-k] -u USERNAME -p PASSWORD (-I | -C COMMAND) [-v]

CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated)

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        URL to the webmin instance
  -k, --insecure
  -u USERNAME, --username USERNAME
                        Username to connect to the webmin.
  -p PASSWORD, --password PASSWORD
                        Password to connect to the webmin.
  -I, --interactive     Interactive console mode.
  -C COMMAND, --command COMMAND
                        Only execute the specified command.
  -v, --verbose         Verbose mode. (default: False)

Mitigation

Update to Webmin >= 1.997.
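
A version check to go with the mitigation above, as an added example that is not part of the original README or the p0dalirius project: it classifies Webmin version strings against the fixed release 1.997. The /etc/webmin/version path, the host=version argument format and all function names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Flag Webmin installs still below the fixed release named above (1.997)."""
import re
import sys
from pathlib import Path

FIXED = (1, 997)  # first fixed release per the Mitigation section

# Assumption: a standard install records its version in this file.
DEFAULT_VERSION_FILE = Path("/etc/webmin/version")


def parse_version(raw):
    """Return a tuple of ints for strings like '1.997' or '1.990-2', else None."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)(?:[-_~+].*)?\s*", raw)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(raw):
    """True if below 1.997, False if at or above, None if unparseable."""
    ver = parse_version(raw)
    if ver is None:
        return None
    # Pad with zeros so '1.997.0' compares equal to (1, 997), not below it.
    width = max(len(ver), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(ver) < pad(FIXED)


def audit(inventory):
    """Map host -> 'affected' | 'fixed' | 'unknown' for a {host: version} dict."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # host=version pairs, e.g. exported from an asset inventory
        inv = dict(arg.split("=", 1) for arg in sys.argv[1:])
    elif DEFAULT_VERSION_FILE.exists():
        inv = {"localhost": DEFAULT_VERSION_FILE.read_text()}
    else:
        sys.exit("no versions given and no local version file found")
    results = audit(inv)
    for host, state in sorted(results.items()):
        print(f"{host}\t{inv[host].strip()}\t{state}")
    sys.exit(1 if "affected" in results.values() else 0)
```

The script exits non-zero when any host is affected, so it can gate a patch-compliance job; hosts reported as unknown need a manual check.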

Demonstration

https://user-images.githubusercontent.com/79218792/184222596-3878e169-92ec-4507-99b5-3fe2c1d39360.mp4

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

Open Source Agenda is not affiliated with "CVE 2022 36446 Webmin Software Package Updates RCE" Project. README Source: p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
