Webmin: multiple security vulnerabilities

Published 2021-04-25

0x00 Vulnerability overview

Product   CVE ID           Type   Severity   Remotely exploitable   Affected versions
Webmin    CVE-2021-31760   RCE    High       Yes                    Webmin <= 1.973
Webmin    CVE-2021-31761   RCE    High       Yes                    Webmin <= 1.973
Webmin    CVE-2021-31762   RCE    High       Yes                    Webmin <= 1.973

0x01 Vulnerability details

Webmin is a web-based system administration tool for Unix. Administrators reach it through a browser (over HTTPS) and manage the host from a web interface. It has more than a million installations worldwide.

Webmin was recently disclosed to contain multiple security vulnerabilities, tracked as CVE-2021-31760, CVE-2021-31761 and CVE-2021-31762. An attacker who lures an authenticated Webmin administrator into visiting an attacker-controlled page or link can mount a CSRF or XSS attack and ultimately execute commands on the host. PoC/exploit code for these vulnerabilities is already public.

Webmin remote command execution vulnerability (CVE-2021-31760)

An attacker can achieve remote command execution through a cross-site request forgery (CSRF) attack against a logged-in Webmin administrator.

Webmin remote command execution vulnerability (CVE-2021-31761)

An attacker can achieve remote command execution through a reflected cross-site scripting (XSS) attack: the injected script runs in the Webmin origin with the victim's session, so it can issue requests that Webmin treats as coming from the administrator.

Webmin remote command execution vulnerability (CVE-2021-31762)

An attacker can use a cross-site request forgery (CSRF) attack against Webmin's add-user feature to create a privileged user, then obtain a reverse shell and take control of the host.
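The two CSRF vectors above (CVE-2021-31760 and CVE-2021-31762) depend on the browser of a logged-in administrator sending a forged request whose Origin/Referer is not the Webmin host. The check below is an added example written for this page, not Webmin's own code (Webmin ships a comparable "Trusted Referers" setting, which is a separate implementation). It shows the allowlist logic a panel should apply to every request, and why the comparison must be an exact host[:port] match rather than a substring or prefix test. The host name webmin.example, the port 10000 and all sample requests are constructed assumptions.

```python
"""Origin/Referer allowlist check against CSRF (added example, not Webmin code)."""
from urllib.parse import urlsplit

# Assumption: administrators reach the panel as https://webmin.example:10000
TRUSTED_HOSTS = {"webmin.example:10000"}


def _host_port(url: str) -> str:
    """Return 'host' or 'host:port' from a URL, ignoring any userinfo part.

    urlsplit().hostname strips 'user:pass@', so a Referer such as
    https://webmin.example:10000@attacker.example/ resolves to attacker.example.
    Unparseable input yields '' so that it never matches the allowlist.
    """
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port   # .port raises on ':10000.evil'
    except ValueError:
        return ""
    if not host:
        return ""
    return f"{host}:{port}" if port else host


def request_origin(headers: dict):
    """Origin of a request: Origin header if present, else Referer.

    Returns host[:port], the literal 'null' for an opaque origin, '' for an
    unparseable value, or None when the browser sent neither header.
    """
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    origin = hdrs.get("origin")
    if origin:
        return "null" if origin.lower() == "null" else _host_port(origin)
    referer = hdrs.get("referer")
    if referer:
        return _host_port(referer)
    return None


def is_cross_site(headers: dict, trusted=TRUSTED_HOSTS, allow_missing=False) -> bool:
    """True if the request must be refused as cross-site.

    Exact match against the allowlist: 'webmin.example:10000.attacker.example'
    and 'https://attacker.example/?u=https://webmin.example:10000/' both fail
    a prefix or substring test's intent but are rejected here.  A request with
    neither header is refused unless allow_missing is set; an opaque 'null'
    origin (sandboxed frame, cross-origin redirect) is always refused.
    """
    origin = request_origin(headers)
    if origin is None:
        return not allow_missing
    if origin == "null":
        return True
    return origin.lower() not in {t.lower() for t in trusted}


# Constructed sample request headers (not captured traffic).
SAMPLES = {
    "same_origin_post": {"Origin": "https://webmin.example:10000",
                         "Referer": "https://webmin.example:10000/useradmin/"},
    "csrf_from_attacker_page": {"Origin": "https://attacker.example",
                                "Referer": "https://attacker.example/lure.html"},
    "lookalike_subdomain": {"Referer": "https://webmin.example:10000.attacker.example/"},
    "trusted_url_in_query": {"Referer": "https://attacker.example/?u=https://webmin.example:10000/"},
    "userinfo_trick": {"Referer": "https://webmin.example:10000@attacker.example/"},
    "opaque_origin": {"Origin": "null"},
    "no_headers": {},
}


def classify(samples=SAMPLES, allow_missing=False) -> dict:
    """Map each sample name to True (refuse) or False (allow)."""
    return {name: is_cross_site(h, allow_missing=allow_missing)
            for name, h in samples.items()}


if __name__ == "__main__":
    for name, refused in classify().items():
        print(f"{name:26s} {'REFUSE' if refused else 'allow'}")
```

The check applies to all methods, because an administration panel may perform state changes on GET as well as POST. Note what it does not cover: CVE-2021-31761 is a reflected XSS, so the malicious requests are issued from the Webmin origin itself and carry a trusted Referer; a Referer allowlist does nothing against that vector, which needs the XSS fixed or the panel kept off untrusted networks.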

0x02 Remediation advice

At the time of this advisory the latest Webmin release on GitHub is 1.973, and no newer version or security update fixing these vulnerabilities has been published; watch for Webmin security updates and upgrade as soon as a fixed release is available. Until then, the usual mitigations for CSRF/XSS against an administration panel apply: do not expose Webmin to untrusted networks, keep Webmin's Referer checking enabled, and avoid browsing other sites from a logged-in Webmin session.

Download link:

https://github.com/webmin/webmin


0x03 References

https://github.com/electronicbots/CVE-2021-31760

https://github.com/electronicbots/CVE-2021-31761

https://github.com/electronicbots/CVE-2021-31762

https://github.com/electronicbots/CVE-2021-31760/blob/main/RCE_eXploit.py

https://github.com/electronicbots/CVE-2021-31761/blob/main/eXploit.py

https://github.com/electronicbots/CVE-2021-31762/blob/main/eXploit.py


0x04 Timeline

2021-04-25  Vulnerabilities published

2021-04-25  VSRC publishes this security advisory

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/