CVE-2022-36446-Webmin-Software-Package-Updates-RCE

CVE-2022-36446-Webmin-Software-Package-Updates-RCE copied to clipboard

A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin

Features

• [x] Supports HTTP and HTTPS (even with self-signed certificates with --insecure).
• [x] Single command execution with --command option.
• [x] Interactive console with --interactive option.

Usage

$ ./CVE-2022-36446.py -h
CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated) v1.1 - by @podalirius_

usage: CVE-2022-36446.py [-h] -t TARGET [-k] -u USERNAME -p PASSWORD (-I | -C COMMAND) [-v]

CVE-2022-36446 - Webmin < 1.997 - Software Package Updates RCE (Authenticated)

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        URL to the webmin instance
  -k, --insecure
  -u USERNAME, --username USERNAME
                        Username to connect to the webmin.
  -p PASSWORD, --password PASSWORD
                        Password to connect to the webmin.
  -I, --interactive     Interactive console mode.
  -C COMMAND, --command COMMAND
                        Only execute the specified command.
  -v, --verbose         Verbose mode. (default: False)

Mitigation

Update to Webmin >= 1.997.

Demonstration

https://user-images.githubusercontent.com/79218792/184222596-3878e169-92ec-4507-99b5-3fe2c1d39360.mp4

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

References

• Vulnerable version: https://github.com/webmin/webmin/releases/download/1.996/webmin_1.996_all.deb
• https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde