vendor: Webmin
by: SecurityFocus
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: Webmin
Affected Version From: 1
Affected Version To: 1.22
Patch Exists: YES
Related CWE: N/A
CPE: a:webmin:webmin
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2002
Webmin Directory Traversal Vulnerability
Webmin does not adequately filter '../' sequences from web requests, making it prone to directory traversal attacks. Furthermore, since Webmin is a facility for remote web-based administration of Unix systems, it requires root privileges. This vulnerability could be exploited to effectively disclose any file on a host running the affected software. It may also be possible to edit files or place files on the server. This may lead to a remote root compromise.
Mitigation:
Ensure that Webmin is configured securely and that all requests are properly sanitized.
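What sanitizing a request path against '../' sequences looks like in practice, as an added illustration in Python (not Webmin's own code, which is Perl): decode, canonicalize, then check containment instead of filtering substrings. `DOC_ROOT`, the function names and the sample requests are hypothetical and constructed for this example.

```python
import os
from urllib.parse import unquote

# Hypothetical document root for the illustration; not a Webmin path.
DOC_ROOT = "/srv/app/static"

class TraversalError(ValueError):
    """Raised when a requested path resolves outside the document root."""

def resolve_under_root(request_path, root=DOC_ROOT):
    """Map a URL path to a filesystem path, refusing anything outside root."""
    decoded = request_path
    # Decode until stable so that encoded or double-encoded dots and
    # slashes are seen in their final form before any check runs.
    for _ in range(5):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise TraversalError("too many encoding layers")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators, and drop leading slashes so that
    # join() is never handed an absolute path that replaces the root.
    relative = decoded.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # commonpath compares whole components, so a sibling such as
    # "static-old" is not accepted the way a startswith() test would.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{request_path!r} escapes {root_real}")
    return candidate

# Constructed request paths for testing the check (not captured traffic).
SAMPLE_REQUESTS = [
    "/images/logo.gif", "/../../etc/passwd",
    "/images/../../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd",
    "/..%252f..%252fetc/passwd", "/../static-old/notes.txt",
]

def is_allowed(request_path, root=DOC_ROOT):
    """True if the request resolves inside root, False if it is refused."""
    try:
        resolve_under_root(request_path, root)
        return True
    except TraversalError:
        return False
```

Because a service of this kind runs as root, the containment check is the only barrier between a request and any file on the host, so it belongs in the one code path every file access goes through.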